aboutsummaryrefslogtreecommitdiff
path: root/server/src/routes
diff options
context:
space:
mode:
Diffstat (limited to 'server/src/routes')
-rw-r--r--server/src/routes/mod.rs13
-rw-r--r--server/src/routes/ui/account/session/token.rs15
2 files changed, 26 insertions, 2 deletions
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
index 0305104..7f4789d 100644
--- a/server/src/routes/mod.rs
+++ b/server/src/routes/mod.rs
@@ -5,7 +5,10 @@
*/
use crate::{database::Database, routes::ui::error::MyResult, CONF};
use api::{r_api_account_login, r_api_root, r_api_version};
+use base64::Engine;
use jellyremuxer::RemuxerContext;
+use log::warn;
+use rand::random;
use rocket::{
catchers, config::SecretKey, fairing::AdHoc, fs::FileServer, get, http::Header, routes, Build,
Config, Rocket,
@@ -45,7 +48,15 @@ macro_rules! uri {
pub fn build_rocket(remuxer: RemuxerContext, database: Database) -> Rocket<Build> {
rocket::build()
.configure(Config {
- secret_key: SecretKey::derive_from(CONF.cookie_key.as_bytes()),
+ secret_key: SecretKey::derive_from(
+ CONF.cookie_key
+ .clone()
+ .unwrap_or_else(|| {
+ warn!("cookie_key not configured, generating a random one.");
+ base64::engine::general_purpose::STANDARD.encode([(); 32].map(|_| random()))
+ })
+ .as_bytes(),
+ ),
..Default::default()
})
.manage(remuxer)
diff --git a/server/src/routes/ui/account/session/token.rs b/server/src/routes/ui/account/session/token.rs
index c8913d3..c02eff7 100644
--- a/server/src/routes/ui/account/session/token.rs
+++ b/server/src/routes/ui/account/session/token.rs
@@ -4,6 +4,7 @@
Copyright (C) 2023 metamuffin <metamuffin.org>
*/
use super::SessionData;
+use crate::CONF;
use aes_gcm_siv::{
aead::{generic_array::GenericArray, Aead},
KeyInit,
@@ -11,9 +12,21 @@ use aes_gcm_siv::{
use anyhow::anyhow;
use base64::Engine;
use chrono::{Duration, Utc};
+use log::warn;
use std::sync::LazyLock;
-static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| [(); 32].map(|_| rand::random()));
+static SESSION_KEY: LazyLock<[u8; 32]> = LazyLock::new(|| {
+ if let Some(sk) = &CONF.session_key {
+ let r = base64::engine::general_purpose::STANDARD
+ .decode(sk)
+ .expect("key invalid; should be valid base64");
+ r.try_into()
+ .expect("key has the wrong length; should be 32 bytes")
+ } else {
+ warn!("session_key not configured; generating a random one.");
+ [(); 32].map(|_| rand::random())
+ }
+});
pub fn create(username: String, expire: Duration) -> String {
let session_data = SessionData {
generated by cgit v1.2.3-70-g09d2 (git 2.51.0) at 2025-10-08 19:09:34 +0000