Commit deec9dd8 authored by Robert Czechowski's avatar Robert Czechowski

Require cookie signing secret in configuration instead of using hard coded secret

parent 0a10d56e
Pipeline #217 passed with stages
in 25 minutes and 30 seconds
......@@ -15,6 +15,7 @@ pub struct Config {
pub template: Option<String>,
pub no_contest_scan: Option<bool>,
pub open_browser: Option<bool>,
pub cookie_signing_secret: Option<String>,
}
#[derive(StructOpt, Debug)]
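Review bot: The new `cookie_signing_secret` field has no doc comment, although it is the one field in this struct that holds key material and is now mandatory at server start. I would add something like `/// Secret used to sign session cookies; required, must be long and random, and must not be committed with the config file.` above it. The derive list for `Config` is outside this hunk; if it includes `Debug` or a serializer, any place that prints or dumps the configuration would also emit the secret, so that is worth checking.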
......
......@@ -316,6 +316,7 @@ mod tests {
let mut config = config::read_config_from_file(Path::new("thisfileshoudnotexist"));
config.port = Some(port);
config.cookie_signing_secret = Some("testtesttesttesttesttesttesttest".to_string());
let mut srvr = start_server(conn, config).expect(&format!("Could not start server on port {}", port));
// Message server started
......
......@@ -904,9 +904,6 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron:
debug_create: get "/debug/create" => debug_create_session::<C>,
);
// TODO: how important is this? Should this be in the config? Or should this be autogenerated and saved to disk?
let my_secret = b"verysecret".to_vec();
let mut mount = Mount::new();
// Serve the shared JS/CSS at /
......@@ -923,7 +920,7 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron:
ch.link(Write::<SharedConfiguration>::both(config.clone()));
ch.link_around(CookieDistributor {});
ch.link_around(SessionStorage::new(SignedCookieBackend::new(my_secret)));
ch.link_around(SessionStorage::new(SignedCookieBackend::new(config.cookie_signing_secret.expect("Cookie signing secret not found in configuration").into_bytes())));
ch.link_after(get_handlebars_engine(&config.template.unwrap_or_else(|| "default".to_string())));
ch.link_after(ErrorReporter);
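Review bot: The new `SignedCookieBackend::new(...)` line accepts whatever string the configuration holds, so an empty or very short `cookie_signing_secret` would sign session cookies without complaint. The test in this commit uses a 32-character value, but nothing here enforces a minimum; bind the bytes first and check them, e.g. `let secret = config.cookie_signing_secret.expect("Cookie signing secret not found in configuration").into_bytes();` followed by `assert!(secret.len() >= 32, "cookie_signing_secret must be at least 32 bytes");`. Separately, `config.clone()` a few lines up now carries the secret into `SharedConfiguration`, so any handler that reads the shared configuration can also read the signing key; clearing the field on the shared copy would keep it confined to the session backend. `start_server` begins and ends outside this hunk.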
......