-rw-r--r-- | common/src/config.rs | 29 | ||||
-rw-r--r-- | server/src/routes/mod.rs | 13 | ||||
-rw-r--r-- | server/src/routes/ui/account/session/token.rs | 15 |
3 files changed, 47 insertions, 10 deletions
diff --git a/common/src/config.rs b/common/src/config.rs
index b978a1e..da1cfb5 100644
--- a/common/src/config.rs
+++ b/common/src/config.rs
@@ -7,18 +7,31 @@
 use serde::{Deserialize, Serialize};
 use std::{collections::HashMap, path::PathBuf};
+#[rustfmt::skip]
 #[derive(Debug, Deserialize, Serialize, Default)]
 pub struct GlobalConfig {
 pub brand: String,
 pub slogan: String,
+ #[serde(default = "default::asset_path")] pub asset_path: PathBuf,
+ #[serde(default = "default::database_path")] pub database_path: PathBuf,
+ #[serde(default = "default::library_path")] pub library_path: PathBuf,
+ #[serde(default = "default::cache_path")] pub cache_path: PathBuf,
+ #[serde(default = "default::admin_username")] pub admin_username: String,
+ pub admin_password: String,
+ #[serde(default)] pub cookie_key: Option<String>,
+ #[serde(default)] pub session_key: Option<String>,
+ #[serde(default = "default::login_expire")] pub login_expire: i64,
+ #[serde(default)] pub remote_credentials: HashMap<String, (String, String, bool)>,
+}
- pub asset_path: PathBuf,
- pub database_path: PathBuf,
- pub library_path: PathBuf,
+#[rustfmt::skip]
+mod default {
+ use std::path::PathBuf;
- pub admin_username: String,
- pub admin_password: String,
- pub cookie_key: String,
- pub login_expire: i64,
- pub remote_credentials: HashMap<String, (String, String, bool)>,
+ pub fn admin_username() -> String { "admin".into() }
+ pub fn login_expire() -> i64 { 60*60*24 }
+ pub fn asset_path() -> PathBuf { "data/assets".into() }
+ pub fn database_path() -> PathBuf { "data/database".into() }
+ pub fn library_path() -> PathBuf { "data/library".into() }
+ pub fn cache_path() -> PathBuf { "data/cache".into() }
 }
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
index 0305104..7f4789d 100644
--- a/server/src/routes/mod.rs
+++ b/server/src/routes/mod.rs
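Review bot: In `GlobalConfig` (common/src/config.rs), `cookie_key` and the new `session_key` are both `Option<String>` with no comment, yet the rest of this commit consumes them differently: `session_key` is base64-decoded and must yield exactly 32 bytes, while `cookie_key` is handed to `SecretKey::derive_from` as raw bytes. I would document that on the fields, e.g. `/// Standard base64 of exactly 32 random bytes; a random key is generated per process if unset.` on `session_key` and `/// Key material for Rocket's cookie secret, used as-is (not base64-decoded); random per process if unset.` on `cookie_key`. Separately, the struct still derives `Debug` and `Serialize`, so any `{:?}` log or dump of the config would include both keys and `admin_password`; no such call is visible here, but it is worth checking.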
@@ -5,7 +5,10 @@
 */
 use crate::{database::Database, routes::ui::error::MyResult, CONF};
 use api::{r_api_account_login, r_api_root, r_api_version};
+use base64::Engine;
 use jellyremuxer::RemuxerContext;
+use log::warn;
+use rand::random;
 use rocket::{
 catchers, config::SecretKey, fairing::AdHoc, fs::FileServer, get, http::Header, routes, Build,
 Config, Rocket,
@@ -45,7 +48,15 @@ macro_rules! uri {
 pub fn build_rocket(remuxer: RemuxerContext, database: Database) -> Rocket<Build> {
 rocket::build()
 .configure(Config {
- secret_key: SecretKey::derive_from(CONF.cookie_key.as_bytes()),
+ secret_key: SecretKey::derive_from(
+ CONF.cookie_key
+ .clone()
+ .unwrap_or_else(|| {
+ warn!("cookie_key not configured, generating a random one.");
+ base64::engine::general_purpose::STANDARD.encode([(); 32].map(|_| random()))
+ })
+ .as_bytes(),
+ ),
 ..Default::default()
 })
 .manage(remuxer)
diff --git a/server/src/routes/ui/account/session/token.rs b/server/src/routes/ui/account/session/token.rs
index c8913d3..c02eff7 100644
--- a/server/src/routes/ui/account/session/token.rs
+++ b/server/src/routes/ui/account/session/token.rs
@@ -4,6 +4,7 @@
 Copyright (C) 2023 metamuffin <metamuffin.org>
 */
 use super::SessionData;
+use crate::CONF;
 use aes_gcm_siv::{
 aead::{generic_array::GenericArray, Aead},
 KeyInit,
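Review bot: In `build_rocket` (server/src/routes/mod.rs, second hunk), a configured `cookie_key` reaches `SecretKey::derive_from` with no length or quality check. If I recall Rocket's contract correctly, `derive_from` expects at least 32 bytes of random material and panics on shorter input, so a short value would fail at startup with a message that does not name the setting. A guard before the call, such as `assert!(key.len() >= 32, "cookie_key must be at least 32 bytes of random data");`, would make that explicit. The fallback warning could also state the consequence, e.g. `warn!("cookie_key not configured; generating a random one, private cookies will not survive a restart.");`. The body of `build_rocket` continues past the hunk.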
@@ -11,9 +12,21 @@ use aes_gcm_siv::{
 use anyhow::anyhow;
 use base64::Engine;
 use chrono::{Duration, Utc};
+use log::warn;
 use std::sync::LazyLock;
-static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| [(); 32].map(|_| rand::random()));
+static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| {
+ if let Some(sk) = &CONF.session_key {
+ let r = base64::engine::general_purpose::STANDARD
+ .decode(sk)
+ .expect("key invalid; should be valid base64");
+ r.try_into()
+ .expect("key has the wrong length; should be 32 bytes")
+ } else {
+ warn!("session_key not configured; generating a random one.");
+ [(); 32].map(|_| rand::random())
+ }
+});
 pub fn create(username: String, expire: Duration) -> String {
 let session_data = SessionData { |
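Review bot: The two `.expect(...)` calls run inside the `LazyLock` initializer of `SESSION_KEY` (server/src/routes/ui/account/session/token.rs), so a malformed `session_key` panics on the first access to the key, not when the configuration is loaded. Where that first access happens is outside this hunk, but if it is `create` or token validation the failure surfaces during a request, and a `LazyLock` whose initializer panicked is poisoned and panics again on every later access. Forcing the value during startup, e.g. `LazyLock::force(&SESSION_KEY);` before the server begins serving, would make a bad key fail fast. The messages would be easier to act on if they named the setting: `.expect("session_key invalid; should be valid base64")` and `.expect("session_key has the wrong length; should decode to 32 bytes")`.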