From c573d2f74a2aef1ecb3161ac5526f3369a30d449 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Tue, 4 Feb 2025 21:12:29 +0100 Subject: [PATCH] No longer use randomly generated key to encrypt session cookie --- src/app_config.rs | 19 +++++++++++++++++++ src/main.rs | 3 +-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/app_config.rs b/src/app_config.rs index c809113..24280eb 100644 --- a/src/app_config.rs +++ b/src/app_config.rs @@ -18,6 +18,10 @@ pub struct AppConfig { #[clap(short, long, env)] pub proxy_ip: Option, + /// Secret key, used to sign some resources. Must be randomly generated + #[clap(short = 'S', long, env, default_value = "")] + secret: String, + /// Matrix API origin #[clap(short, long, env, default_value = "http://127.0.0.1:8448")] pub matrix_homeserver: String, @@ -99,6 +103,21 @@ impl AppConfig { &ARGS } + /// Get app secret + pub fn secret(&self) -> &str { + let mut secret = self.secret.as_str(); + + if cfg!(debug_assertions) && secret.is_empty() { + secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY"; + } + + if secret.is_empty() { + panic!("SECRET is undefined or too short (min 64 chars)!") + } + + secret + } + /// Get Redis connection configuration pub fn redis_connection_string(&self) -> String { format!( diff --git a/src/main.rs b/src/main.rs index cb7d58a..0239672 100644 --- a/src/main.rs +++ b/src/main.rs @@ -15,8 +15,7 @@ async fn main() -> std::io::Result<()> { .await .expect("Failed to create bucket!"); - // FIXME : not scalable - let secret_key = Key::generate(); + let secret_key = Key::from(AppConfig::get().secret().as_bytes()); let redis_store = RedisSessionStore::new(AppConfig::get().redis_connection_string()) .await