Merge pull request #30 from br0xen/master

Remove hardcoded session secret
This commit is contained in:
Brian Buller 2018-01-26 11:48:45 -06:00 committed by GitHub
commit f6b72a4286
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 3 deletions

17
main.go
View File

@ -61,9 +61,7 @@ type menuItem struct {
Icon string
}
var sessionSecret = "JCOP5e8ohkTcOzcSMe74"
var sessionStore = sessions.NewCookieStore([]byte(sessionSecret))
var sessionStore *sessions.CookieStore
var r *mux.Router
var m *model
@ -88,6 +86,9 @@ func main() {
initialize()
// We should have a session secret by now, initialize the store
sessionStore = sessions.NewCookieStore([]byte(m.site.sessionSecret))
r = mux.NewRouter()
r.StrictSlash(true)
@ -220,6 +221,16 @@ func initialize() {
} else {
fmt.Println("No Jam Name Specified")
}
if m.site.sessionSecret == "" {
reader := bufio.NewReader(os.Stdin)
fmt.Println("A good session secret is like a good password")
fmt.Print("Create New Session Secret: ")
sessSc, _ := reader.ReadString('\n')
sessSc = strings.TrimSpace(sessSc)
m.site.sessionSecret = sessSc
assertError(m.site.SaveToDB())
}
}
func loggingHandler(h http.Handler) http.Handler {

View File

@ -24,6 +24,8 @@ type siteData struct {
m *model
mPath []string // The path in the db to this site data
changed bool
sessionSecret string
}
// NewSiteData returns a siteData object with the default values
@ -73,6 +75,9 @@ func (s *siteData) LoadFromDB() error {
s.ServerDir = serverDir
}
s.changed = false
if secret, _ := s.m.bolt.GetValue(s.mPath, "session-secret"); strings.TrimSpace(secret) != "" {
s.sessionSecret = secret
}
return nil
}
@ -102,6 +107,9 @@ func (s *siteData) SaveToDB() error {
return err
}
s.changed = false
if err = s.m.bolt.SetValue(s.mPath, "session-secret", s.sessionSecret); err != nil {
return err
}
return nil
}