public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

session key in settings file OR generate temp key for instance

pull/1523/head
John McLear 2013-02-13 21:51:09 +00:00
parent 5c9d081391
commit efce99c3a1
3 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
settings.json.template
View File

@ -15,6 +15,10 @@
"ip": "0.0.0.0",
"port" : 9001,
// Session Key, used for reconnecting user sessions
// Set this to a secure string at least 10 characters long. Do not share this value.
"sessionKey" : "",
/*
// Node native SSL support
// this is disabled by default

2
src/node/hooks/express/webaccess.js
View File

@ -103,7 +103,7 @@ exports.expressConfigure = function (hook_name, args, cb) {
if (!exports.sessionStore) {
exports.sessionStore = new ueberStore();
exports.secret = randomString(32); // Isn't this being reset each time the server spawns?
exports.secret = settings.sessionKey; // Isn't this being reset each time the server spawns?
}
args.app.use(express.cookieParser(exports.secret));

14
src/node/utils/Settings.js
View File

@ -26,6 +26,8 @@ var argv = require('./Cli').argv;
var npm = require("npm/lib/npm.js");
var vm = require('vm');
var log4js = require("log4js");
var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
/* Root path of the installation */
exports.root = path.normalize(path.join(npm.dir, ".."));
@ -112,6 +114,11 @@ exports.loglevel = "INFO";
*/
exports.logconfig = { appenders: [{ type: "console" }]};
/*
* Session Key, do not sure this.
*/
exports.sessionKey = false;
/* This setting is used if you need authentication and/or
* authorization. Note: /admin always requires authentication, and
* either authorization by a module, or a user with is_admin set */
@ -132,8 +139,6 @@ exports.abiwordAvailable = function()
}
}
exports.reloadSettings = function reloadSettings() {
// Discover where the settings file lives
var settingsFilename = argv.settings || "settings.json";
@ -184,6 +189,11 @@ exports.reloadSettings = function reloadSettings() {
log4js.setGlobalLogLevel(exports.loglevel);//set loglevel
log4js.replaceConsole();
if(!exports.sessionKey){ // If the secretKey isn't set we also create yet another unique value here
exports.sessionKey = "__bad__"+randomString(32);;
console.warn("You need to set a sessionKey value in settings.json, this will allow your users to reconnect to your Etherpad Instance if your instance restarts");
}
if(exports.dbType === "dirty"){
console.warn("DirtyDB is used. This is fine for testing but not recommended for production.")
}