Diffstat (limited to 'server/src/routes/ui/account/session/token.rs')
-rw-r--r-- | server/src/routes/ui/account/session/token.rs | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/server/src/routes/ui/account/session/token.rs b/server/src/routes/ui/account/session/token.rs
index c8913d3..c02eff7 100644
--- a/server/src/routes/ui/account/session/token.rs
+++ b/server/src/routes/ui/account/session/token.rs
@@ -4,6 +4,7 @@
 Copyright (C) 2023 metamuffin <metamuffin.org>
 */
 use super::SessionData;
+use crate::CONF;
 use aes_gcm_siv::{
 aead::{generic_array::GenericArray, Aead},
 KeyInit,
@@ -11,9 +12,21 @@ use aes_gcm_siv::{
 use anyhow::anyhow;
 use base64::Engine;
 use chrono::{Duration, Utc};
+use log::warn;
 use std::sync::LazyLock;
 
-static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| [(); 32].map(|_| rand::random()));
+static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| {
+ if let Some(sk) = &CONF.session_key {
+ let r = base64::engine::general_purpose::STANDARD
+ .decode(sk)
+ .expect("key invalid; should be valid base64");
+ r.try_into()
+ .expect("key has the wrong length; should be 32 bytes")
+ } else {
+ warn!("session_key not configured; generating a random one.");
+ [(); 32].map(|_| rand::random())
+ }
+});
 
 pub fn create(username: String, expire: Duration) -> String {
 let session_data = SessionData { |
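Review bot: In the new `SESSION_KEY` initializer, `r.try_into().expect("key has the wrong length; …")` writes the decoded key bytes into the panic message when the length is not 32. The error type of converting `Vec<u8>` to `[u8; 32]` is the original `Vec<u8>`, and `expect` formats that error with `Debug`. Report only the length instead, for example `r.try_into().unwrap_or_else(|v: Vec<u8>| panic!("session_key is {} bytes; should be 32", v.len()))`. Separately, the `LazyLock` initializer runs on first access, so a malformed `session_key` panics at the first token operation rather than at startup. Calling `LazyLock::force(&SESSION_KEY)` wherever the server initializes would surface a bad key before any request is served.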