Commit deec9dd8 authored by Robert Czechowski's avatar Robert Czechowski

Require cookie signing secret in configuration instead of using hard coded secret

parent 0a10d56e
Pipeline #217 passed with stages
in 25 minutes and 30 seconds
...@@ -15,6 +15,7 @@ pub struct Config { ...@@ -15,6 +15,7 @@ pub struct Config {
pub template: Option<String>, pub template: Option<String>,
pub no_contest_scan: Option<bool>, pub no_contest_scan: Option<bool>,
pub open_browser: Option<bool>, pub open_browser: Option<bool>,
pub cookie_signing_secret: Option<String>,
} }
#[derive(StructOpt, Debug)] #[derive(StructOpt, Debug)]
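Review bot: The new `cookie_signing_secret` field on `Config` has no doc comment, so an operator reading the struct cannot tell that the server now refuses to start without it or what a suitable value looks like. I would add `/// Secret used to sign session cookies; required, should be long and random, and must not be committed with the config file.` above the field. The struct's opening line and its derives are outside this hunk; if `Config` derives `Debug` or is ever serialized back out, the secret would appear in that output, which is worth checking.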
......
...@@ -316,6 +316,7 @@ mod tests { ...@@ -316,6 +316,7 @@ mod tests {
let mut config = config::read_config_from_file(Path::new("thisfileshoudnotexist")); let mut config = config::read_config_from_file(Path::new("thisfileshoudnotexist"));
config.port = Some(port); config.port = Some(port);
config.cookie_signing_secret = Some("testtesttesttesttesttesttesttest".to_string());
let mut srvr = start_server(conn, config).expect(&format!("Could not start server on port {}", port)); let mut srvr = start_server(conn, config).expect(&format!("Could not start server on port {}", port));
// Message server started // Message server started
......
...@@ -904,9 +904,6 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron: ...@@ -904,9 +904,6 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron:
debug_create: get "/debug/create" => debug_create_session::<C>, debug_create: get "/debug/create" => debug_create_session::<C>,
); );
// TODO: how important is this? Should this be in the config? Or should this be autogenerated and saved to disk?
let my_secret = b"verysecret".to_vec();
let mut mount = Mount::new(); let mut mount = Mount::new();
// Serve the shared JS/CSS at / // Serve the shared JS/CSS at /
...@@ -923,7 +920,7 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron: ...@@ -923,7 +920,7 @@ pub fn start_server<C>(conn: C, config: Config) -> iron::error::HttpResult<iron:
ch.link(Write::<SharedConfiguration>::both(config.clone())); ch.link(Write::<SharedConfiguration>::both(config.clone()));
ch.link_around(CookieDistributor {}); ch.link_around(CookieDistributor {});
ch.link_around(SessionStorage::new(SignedCookieBackend::new(my_secret))); ch.link_around(SessionStorage::new(SignedCookieBackend::new(config.cookie_signing_secret.expect("Cookie signing secret not found in configuration").into_bytes())));
ch.link_after(get_handlebars_engine(&config.template.unwrap_or_else(|| "default".to_string()))); ch.link_after(get_handlebars_engine(&config.template.unwrap_or_else(|| "default".to_string())));
ch.link_after(ErrorReporter); ch.link_after(ErrorReporter);
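Review bot: The `.expect(...)` on `config.cookie_signing_secret` in the `SessionStorage` line turns a missing setting into a panic inside `start_server`, which otherwise returns an `HttpResult`, and it accepts any value that is present, including an empty string. Checking the secret when the configuration is loaded would give a clean startup error, and a length check there would reject weak keys; the 32-character value in the test hunk suggests the backend wants at least 32 bytes, but that is not visible here. Two lines earlier `config.clone()` is linked as `SharedConfiguration`, so the secret is also copied into state that every handler can read; taking it out first, e.g. `let secret = config.cookie_signing_secret.take();` with `config` bound as `mut`, would keep it out of the shared copy. The body of `start_server` starts and ends outside these hunks.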
......