diff options
| author | Christoph (Sheogorath) Kern | 2018-03-28 12:25:01 +0200 |
|---|---|---|
| committer | GitHub | 2018-03-28 12:25:01 +0200 |
| commit | d2cce7638a78ca7616607217b179c15915452058 (patch) | |
| tree | 25a5639f0f5c42cfee02e41099c104ac79443867 | |
| parent | 1649a9b74246aa830a024b18a4ad00661e23f785 (diff) | |
| parent | 3599fb79b437fb758e799452a9ad335420787349 (diff) | |
Merge pull request #780 from SISheogorath/fix/sessionSecret
Automatically generate a session secret if default is used
| -rw-r--r-- | lib/config/default.js | 1 | ||||
| -rw-r--r-- | lib/config/index.js | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index 19ddccf6..b6f1af17 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -46,6 +46,7 @@ module.exports = { // session sessionName: 'connect.sid', sessionSecret: 'secret', + sessionSecretLen: 128, sessionLife: 14 * 24 * 60 * 60 * 1000, // 14 days staticCacheTime: 1 * 24 * 60 * 60 * 1000, // 1 day // socket.io diff --git a/lib/config/index.js b/lib/config/index.js index cc71564b..d885ee92 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -1,6 +1,7 @@ 'use strict' +const crypto = require('crypto') const fs = require('fs') const path = require('path') const {merge} = require('lodash') @@ -117,6 +118,14 @@ for (let i = keys.length; i--;) { } } +// Generate session secret if it stays on default values +if (config.sessionSecret === 'secret') { + logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.') + config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number + .toString('hex') // convert to hexadecimal format + .slice(0, config.sessionSecretLen) // return required number of characters +} + // Validate upload upload providers if (['filesystem', 's3', 'minio', 'imgur'].indexOf(config.imageUploadType) === -1) { logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio" or "imgur". Defaulting to "imgur"') |