mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-25 06:31:02 +00:00
Merge pull request #780 from SISheogorath/fix/sessionSecret
Automatically generate a session secret if default is used
This commit is contained in:
commit
d2cce7638a
2 changed files with 10 additions and 0 deletions
|
@ -46,6 +46,7 @@ module.exports = {
|
|||
// session
|
||||
sessionName: 'connect.sid',
|
||||
sessionSecret: 'secret',
|
||||
sessionSecretLen: 128,
|
||||
sessionLife: 14 * 24 * 60 * 60 * 1000, // 14 days
|
||||
staticCacheTime: 1 * 24 * 60 * 60 * 1000, // 1 day
|
||||
// socket.io
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
|
||||
'use strict'
|
||||
|
||||
const crypto = require('crypto')
|
||||
const fs = require('fs')
|
||||
const path = require('path')
|
||||
const {merge} = require('lodash')
|
||||
|
@ -117,6 +118,14 @@ for (let i = keys.length; i--;) {
|
|||
}
|
||||
}
|
||||
|
||||
// Generate session secret if it stays on default values
|
||||
if (config.sessionSecret === 'secret') {
|
||||
logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.')
|
||||
config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number
|
||||
.toString('hex') // convert to hexadecimal format
|
||||
.slice(0, config.sessionSecretLen) // return required number of characters
|
||||
}
|
||||
|
||||
// Validate upload upload providers
|
||||
if (['filesystem', 's3', 'minio', 'imgur'].indexOf(config.imageUploadType) === -1) {
|
||||
logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio" or "imgur". Defaulting to "imgur"')
|
||||
|
|
Loading…
Reference in a new issue