summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSheogorath2018-03-28 12:49:03 +0200
committerSheogorath2018-03-29 19:34:32 +0200
commit30b5ff0d96a25ef21cccaebd242ef69b7c4a84d1 (patch)
tree9ab2c1523b02578838ef85d1465cfee784bf98c2
parentd2cce7638a78ca7616607217b179c15915452058 (diff)
Add session data to env vars
Currently the session secret can only be set by config.json or docker secrets. This creates a problem on Heroku hosted instances that can not set a session secret. Since we automatically generate them on startup this results in an logout of all users on every config change in Heroku. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r--README.md2
-rw-r--r--app.json4
-rw-r--r--lib/config/environment.js2
3 files changed, 8 insertions, 0 deletions
diff --git a/README.md b/README.md
index 0bb3845b..bdad3336 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,8 @@ There are some config settings you need to change in the files below.
| `HMD_ALLOW_FREEURL` | `true` or `false` | set to allow new note creation by accessing a nonexistent note URL |
| `HMD_DEFAULT_PERMISSION` | `freely`, `editable`, `limited`, `locked` or `private` | set notes default permission (only applied on signed users) |
| `HMD_DB_URL` | `mysql://localhost:3306/database` | set the database URL |
+| `HMD_SESSION_SECRET` | no example | Secret used to sign the session cookie. If non is set, one will randomly generated on startup |
+| `HMD_SESSION_LIFE` | `1209600000` | Session life time. (milliseconds) |
| `HMD_FACEBOOK_CLIENTID` | no example | Facebook API client id |
| `HMD_FACEBOOK_CLIENTSECRET` | no example | Facebook API client secret |
| `HMD_TWITTER_CONSUMERKEY` | no example | Twitter API consumer key |
diff --git a/app.json b/app.json
index b2116eb6..54ce160e 100644
--- a/app.json
+++ b/app.json
@@ -23,6 +23,10 @@
"description": "Specify database type. See sequelize available databases. Default using postgres",
"value": "postgres"
},
+ "HMD_SESSION_SECRET": {
+ "description": "Secret used to secure session cookies.",
+ "required": false
+ },
"HMD_HSTS_ENABLE": {
"description": "whether to also use HSTS if HTTPS is enabled",
"required": false
diff --git a/lib/config/environment.js b/lib/config/environment.js
index cab3bc3e..3dde4786 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -26,6 +26,8 @@ module.exports = {
allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
defaultPermission: process.env.HMD_DEFAULT_PERMISSION,
dbURL: process.env.HMD_DB_URL,
+ sessionSecret: process.env.HMD_SESSION_SECRET,
+ sessionLife: toIntegerConfig(process.env.HMD_SESSION_LIFE),
imageUploadType: process.env.HMD_IMAGE_UPLOAD_TYPE,
imgur: {
clientID: process.env.HMD_IMGUR_CLIENTID