config: refactor secret_key_base initialization.
@@ -33,6 +33,9 @@ module Danbooru
|
|||||||
config.plugins = [:all]
|
config.plugins = [:all]
|
||||||
config.time_zone = 'Eastern Time (US & Canada)'
|
config.time_zone = 'Eastern Time (US & Canada)'
|
||||||
|
|
||||||
|
raise "Danbooru.config.secret_key_base not configured" if Danbooru.config.secret_key_base.blank?
|
||||||
|
config.secret_key_base = Danbooru.config.secret_key_base
|
||||||
|
|
||||||
if Danbooru.config.mail_delivery_method.to_sym == :smtp
|
if Danbooru.config.mail_delivery_method.to_sym == :smtp
|
||||||
config.action_mailer.delivery_method = :smtp
|
config.action_mailer.delivery_method = :smtp
|
||||||
config.action_mailer.smtp_settings = Danbooru.config.mail_settings
|
config.action_mailer.smtp_settings = Danbooru.config.mail_settings
|
||||||
|
|||||||
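Review bot: The added guard calls `Danbooru.config.secret_key_base` twice, and per the Configuration section of this commit each call re-reads the environment or the token file, so the value that is checked is not guaranteed to be the value that is assigned. Read it once with `secret = Danbooru.config.secret_key_base`, then `raise "Danbooru.config.secret_key_base not configured" if secret.blank?` and `config.secret_key_base = secret`. The `blank?` test also accepts an arbitrarily short secret; the removed StateChecker message asked for at least 32 random characters, so a length check here would make that expectation enforceable. The enclosing application class body starts and ends outside this hunk.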
@@ -1,5 +1,15 @@
|
|||||||
module Danbooru
|
module Danbooru
|
||||||
class Configuration
|
class Configuration
|
||||||
|
# A secret key used to encrypt session cookies, among other things. If this
|
||||||
|
# token is changed, existing login sessions will become invalid. If this
|
||||||
|
# token is stolen, attackers will be able to forge session cookies and
|
||||||
|
# login as any user.
|
||||||
|
#
|
||||||
|
# Must be specified. Use `rake secret` to generate a random secret token.
|
||||||
|
def secret_key_base
|
||||||
|
ENV["SECRET_TOKEN"].presence || File.read(File.expand_path("~/.danbooru/secret_token"))
|
||||||
|
end
|
||||||
|
|
||||||
# The name of this Danbooru.
|
# The name of this Danbooru.
|
||||||
def app_name
|
def app_name
|
||||||
if CurrentUser.safe_mode?
|
if CurrentUser.safe_mode?
|
||||||
|
|||||||
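Review bot: The new `secret_key_base` reads `~/.danbooru/secret_token` without the `world_readable?` / `world_writable?` check that the removed StateChecker ran at boot, so a token file readable or writable by other local users is now accepted silently even though the new comment says a stolen token lets an attacker forge session cookies. When `SECRET_TOKEN` is unset and the file is missing, `File.read` also raises `Errno::ENOENT` from inside this method, so the "not configured" guard added in the application config is never reached with its intended message. I would keep the permission check next to the read and return nil for a missing file so the caller's guard reports it, as sketched below. The value is still returned exactly as read, so existing sessions are unaffected.

```ruby
def secret_key_base
  return ENV["SECRET_TOKEN"] if ENV["SECRET_TOKEN"].present?

  path = File.expand_path("~/.danbooru/secret_token")
  # A missing file returns nil so the boot-time blank? guard reports it.
  return nil unless File.exist?(path)

  # Refuse a token file that other local users could read or replace.
  stat = File.stat(path)
  raise "#{path} must not be world readable or writable" if stat.world_readable? || stat.world_writable?

  File.read(path)
end
```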
@@ -1,9 +0,0 @@
|
|||||||
require File.expand_path('../../state_checker', __FILE__)
|
|
||||||
|
|
||||||
StateChecker.instance.check!
|
|
||||||
|
|
||||||
Rails.application.config.action_dispatch.session = {
|
|
||||||
:key => '_danbooru2_session',
|
|
||||||
:secret => StateChecker.instance.session_secret_key
|
|
||||||
}
|
|
||||||
Rails.application.config.secret_key_base = StateChecker.instance.secret_token
|
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
class StateChecker
|
|
||||||
include Singleton
|
|
||||||
|
|
||||||
def check!
|
|
||||||
ENV["SECRET_TOKEN"].present? || check_secret_token
|
|
||||||
ENV["SESSION_SECRET_KEY"].present? || check_session_secret_key
|
|
||||||
end
|
|
||||||
|
|
||||||
def secret_token
|
|
||||||
ENV["SECRET_TOKEN"] || File.read(secret_token_path)
|
|
||||||
end
|
|
||||||
|
|
||||||
def session_secret_key
|
|
||||||
ENV["SESSION_SECRET_KEY"] || File.read(session_secret_key_path)
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def secret_token_path
|
|
||||||
File.expand_path("~/.danbooru/secret_token")
|
|
||||||
end
|
|
||||||
|
|
||||||
def check_secret_token
|
|
||||||
unless File.exists?(secret_token_path)
|
|
||||||
raise "You must create a file in #{secret_token_path} containing a secret key. It should be a string of at least 32 random characters."
|
|
||||||
end
|
|
||||||
|
|
||||||
if File.stat(secret_token_path).world_readable? || File.stat(secret_token_path).world_writable?
|
|
||||||
raise "#{secret_token_path} must not be world readable or writable"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def session_secret_key_path
|
|
||||||
File.expand_path("~/.danbooru/session_secret_key")
|
|
||||||
end
|
|
||||||
|
|
||||||
def check_session_secret_key
|
|
||||||
unless File.exists?(session_secret_key_path)
|
|
||||||
raise "You must create a file in #{session_secret_key_path} containing a secret key. It should be a string of at least 32 random characters."
|
|
||||||
end
|
|
||||||
|
|
||||||
if File.stat(session_secret_key_path).world_readable? || File.stat(session_secret_key_path).world_writable?
|
|
||||||
raise "#{session_secret_key_path} must not be world readable or writable"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||