From 76ec1c1acbcaf80f7386f5958b2c0bb38d9cbefb Mon Sep 17 00:00:00 2001
From: Daniel Heath <daniel@heath.cc>
Date: Thu, 18 Jan 2018 20:51:08 +1100
Subject: [PATCH] Allow setting session secret cookie code

---
 handlers.go | 3 ++-
 main.go     | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/handlers.go b/handlers.go
index 49df689..57964bb 100755
--- a/handlers.go
+++ b/handlers.go
@@ -33,10 +33,11 @@ func serve(
 	defaultPassword string,
 	debounce int,
 	diary bool,
+	secret string,
 ) {
 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
-	store := sessions.NewCookieStore([]byte("secret"))
+	store := sessions.NewCookieStore([]byte(secret))
 	router.Use(sessions.Sessions("mysession", store))
 	router.HTMLRender = loadTemplates("index.tmpl")
 	// router.Use(static.Serve("/static/", static.LocalFile("./static", true)))
diff --git a/main.go b/main.go
index 7083993..85ee507 100755
--- a/main.go
+++ b/main.go
@@ -51,6 +51,7 @@ func main() {
 			c.GlobalString("lock"),
 			c.GlobalInt("debounce"),
 			c.GlobalBool("diary"),
+			c.GlobalString("cookie-secret"),
 		)
 		return nil
 	}
@@ -117,6 +118,11 @@ func main() {
 			Name:  "diary",
 			Usage: "turn diary mode (doing New will give a timestamped page)",
 		},
+		cli.StringFlag{
+			Name:  "cookie-secret",
+			Value: "secret",
+			Usage: "random data to use for cookies; changing it will invalidate all sessions",
+		},
 	}
 	app.Commands = []cli.Command{
 		{