No longer use randomly generated key to encrypt session cookie

2025-02-04 21:12:29 +01:00 · 2025-02-04 21:12:29 +01:00 · c573d2f74a
commit c573d2f74a
parent babb3a2e07
2 changed files with 20 additions and 2 deletions
--- a/src/app_config.rs
+++ b/src/app_config.rs
@ -18,6 +18,10 @@ pub struct AppConfig {
    #[clap(short, long, env)]
    pub proxy_ip: Option<String>,

+    /// Secret key, used to sign some resources. Must be randomly generated
+    #[clap(short = 'S', long, env, default_value = "")]
+    secret: String,
+
    /// Matrix API origin
    #[clap(short, long, env, default_value = "http://127.0.0.1:8448")]
    pub matrix_homeserver: String,
@ -99,6 +103,21 @@ impl AppConfig {
        &ARGS
    }

+    /// Get app secret
+    pub fn secret(&self) -> &str {
+        let mut secret = self.secret.as_str();
+
+        if cfg!(debug_assertions) && secret.is_empty() {
+            secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
+        }
+
+        if secret.is_empty() {
+            panic!("SECRET is undefined or too short (min 64 chars)!")
+        }
+
+        secret
+    }
+
    /// Get Redis connection configuration
    pub fn redis_connection_string(&self) -> String {
        format!(
--- a/src/main.rs
+++ b/src/main.rs
@ -15,8 +15,7 @@ async fn main() -> std::io::Result<()> {
        .await
        .expect("Failed to create bucket!");

-    // FIXME : not scalable
-    let secret_key = Key::generate();
+    let secret_key = Key::from(AppConfig::get().secret().as_bytes());

    let redis_store = RedisSessionStore::new(AppConfig::get().redis_connection_string())
        .await