config: auto generate secret key if none given.

Automatically generate a random secret key for `Danbooru.config.secret_key_base` if no key is specified. This so that you can run Danbooru in a Docker container with zero configuration. This removes support for the ~/.danbooru/secret_token file and the SECRET_TOKEN environment variable. If you used either one of these, you must copy the value either to DANBOORU_SECRET_KEY_BASE in .env.local, or to `secret_key_base` in config/danbooru_local_config.rb. # .env.local DANBOORU_SECRET_KEY_BASE=<value> # config/danbooru_local_config.rb def secret_key_base # <value> end
2021-03-23 02:51:31 -05:00
parent 189adc683f
commit 1a8c70f5ff
4 changed files with 13 additions and 16 deletions
--- a/INSTALL.debian
+++ b/INSTALL.debian
@@ -100,13 +100,6 @@ sudo -u danbooru git clone git://github.com/sstephenson/ruby-build.git ~danbooru
 sudo -u danbooru bash -l -c "RUBY_CONFIGURE_OPTS=--disable-install-doc rbenv install --verbose $RUBY_VERSION"
 sudo -u danbooru bash -l -c "rbenv global $RUBY_VERSION"

-# Generate secret token and secret key
-echo "* Generating secret keys..."
-sudo -u danbooru mkdir ~danbooru/.danbooru/
-sudo -u danbooru sh -c 'openssl rand -hex 32 > ~danbooru/.danbooru/secret_token'
-sudo -u danbooru sh -c 'openssl rand -hex 32 > ~danbooru/.danbooru/session_secret_key'
-chmod 600 ~danbooru/.danbooru/*
-
 # Install gems
 echo "* Installing gems..."
 sudo -u danbooru bash -l -c 'gem install --no-ri --no-rdoc bundler'
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@@ -1,13 +1,20 @@
 module Danbooru
  class Configuration
-    # A secret key used to encrypt session cookies, among other things. If this
-    # token is changed, existing login sessions will become invalid. If this
-    # token is stolen, attackers will be able to forge session cookies and
-    # login as any user.
+    # A secret key used to encrypt session cookies, among other things.
    #
-    # Must be specified. Use `rake secret` to generate a random secret token.
+    # If this key is changed, existing login sessions will become invalid and
+    # all users will be logged out.
+    #
+    # If this key is stolen, attackers will be able to forge session cookies
+    # and login as any user.
+    #
+    # Must be specified. If this is not specified, then a new secret key will
+    # generated every time the server starts, which will log out all users on
+    # every restart.
+    #
+    # Use `rake secret` to generate a random secret key.
    def secret_key_base
-      ENV["SECRET_TOKEN"].presence || File.read(File.expand_path("~/.danbooru/secret_token"))
+      SecureRandom.uuid
    end

    # The name of this Danbooru.
--- a/config/docker/Dockerfile.danbooru
+++ b/config/docker/Dockerfile.danbooru
@@ -34,8 +34,6 @@ RUN yarn install
 COPY . .
 RUN bundle config set path vendor/bundle --local

-ARG DATABASE_URL=postgresql://0.0.0.0
-ARG DANBOORU_SECRET_KEY_BASE=1234
 ARG RAILS_ENV=production
 RUN bin/rails assets:precompile && ln -sf packs public/packs-test
 RUN rm -rf node_modules log tmp .yarn/cache && mkdir log tmp
--- a/config/docker/docker-compose.test.yaml
+++ b/config/docker/docker-compose.test.yaml
@@ -16,7 +16,6 @@ services:
      - DATABASE_URL=postgresql://danbooru:danbooru@postgres/danbooru
      - ARCHIVE_DATABASE_URL=postgresql://danbooru:danbooru@postgres/danbooru
      - PARALLEL_WORKERS=8 # number of parallel tests to run
-      - DANBOORU_SECRET_KEY_BASE=1234
      - DANBOORU_AWS_SQS_ENABLED
      - DANBOORU_TWITTER_API_KEY
      - DANBOORU_TWITTER_API_SECRET