Allow setting session secret cookie code

2023-08-10 21:13:00 +03:00 · 2018-01-18 20:51:08 +11:00 · 2018-01-18 20:51:08 +11:00 · 76ec1c1acb
commit 76ec1c1acb
parent 89d58f5a22
2 changed files with 8 additions and 1 deletions
--- a/handlers.go
+++ b/handlers.go
@ -33,10 +33,11 @@ func serve(
 	defaultPassword string,
 	debounce int,
 	diary bool,
+	secret string,
 ) {
 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
-	store := sessions.NewCookieStore([]byte("secret"))
+	store := sessions.NewCookieStore([]byte(secret))
 	router.Use(sessions.Sessions("mysession", store))
 	router.HTMLRender = loadTemplates("index.tmpl")
 	// router.Use(static.Serve("/static/", static.LocalFile("./static", true)))
--- a/main.go
+++ b/main.go
@ -51,6 +51,7 @@ func main() {
 			c.GlobalString("lock"),
 			c.GlobalInt("debounce"),
 			c.GlobalBool("diary"),
+			c.GlobalString("cookie-secret"),
 		)
 		return nil
 	}
@ -117,6 +118,11 @@ func main() {
 			Name:  "diary",
 			Usage: "turn diary mode (doing New will give a timestamped page)",
 		},
+		cli.StringFlag{
+			Name:  "cookie-secret",
+			Value: "secret",
+			Usage: "random data to use for cookies; changing it will invalidate all sessions",
+		},
 	}
 	app.Commands = []cli.Command{
 		{