Diffstat (limited to '')
| -rw-r--r-- | lib/config/default.js | 1 | ||||
| -rw-r--r-- | lib/config/index.js | 9 | 
2 files changed, 10 insertions, 0 deletions
|
diff --git a/lib/config/default.js b/lib/config/default.js
index 19ddccf6..b6f1af17 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -46,6 +46,7 @@ module.exports = {
   // session
   sessionName: 'connect.sid',
   sessionSecret: 'secret',
+  sessionSecretLen: 128,
   sessionLife: 14 * 24 * 60 * 60 * 1000, // 14 days
   staticCacheTime: 1 * 24 * 60 * 60 * 1000, // 1 day
   // socket.io
diff --git a/lib/config/index.js b/lib/config/index.js
index fae51e52..54e9aae6 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -1,6 +1,7 @@
 'use strict'
+const crypto = require('crypto')
 const fs = require('fs')
 const path = require('path')
 const {merge} = require('lodash')
@@ -117,6 +118,14 @@ for (let i = keys.length; i--;) {
   }
 }
+// Generate session secret if it stays on default values
+if (config.sessionSecret === 'secret') {
+  logger.warn('Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.')
+  config.sessionSecret = crypto.randomBytes(Math.ceil(config.sessionSecretLen / 2)) // generate crypto graphic random number
+        .toString('hex')                                                            // convert to hexadecimal format
+        .slice(0, config.sessionSecretLen)                                           // return required number of characters
+}
+
 // Validate upload upload providers
 if (['filesystem', 's3', 'minio', 'imgur'].indexOf(config.imageUploadType) === -1) {
   logger.error('"imageuploadtype" is not correctly set. Please use "filesystem", "s3", "minio" or "imgur". Defaulting to "imgur"')
|
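Review bot: `config.sessionSecretLen` reaches the `crypto.randomBytes(...)` call in the third hunk (lib/config/index.js) without validation, so a configured value of `0` yields an empty session secret, a small value yields a short guessable one, and a negative or non-numeric value makes `randomBytes` throw at startup. Clamp it before use, e.g. `const secretLen = Number.isInteger(config.sessionSecretLen) && config.sessionSecretLen >= 32 ? config.sessionSecretLen : 128` (the floor of 32 hex characters is a suggested value, not one from this commit), and pass `secretLen` to both `Math.ceil` and `.slice`. The fallback secret is also generated per process, so several instances behind one load balancer would presumably each sign cookies with a different secret; the warning should say so, or startup should fail in that setup. The guard matches only the literal default `'secret'`, so an empty or otherwise trivial configured value still passes through unchanged.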
