mirror of
https://github.com/dani/vroom.git
synced 2024-06-13 18:10:10 +02:00
Automatically handle cookie signing keys
Which will get renewed every 24 hours. Remove the now useless cookie section of the config
This commit is contained in:
parent
c8d6bde2de
commit
14b6298d77
|
@ -51,12 +51,6 @@ credentials = 'rest'
|
||||||
; Default to 0
|
; Default to 0
|
||||||
;demo = 0
|
;demo = 0
|
||||||
|
|
||||||
[cookie]
|
|
||||||
; Secret passphrase used to sign cookies. You must set this
|
|
||||||
;secret = '1zEewX24ZD%2RvtF%e'
|
|
||||||
; Cookie name, You shouldn't have to change this
|
|
||||||
;name = 'vroom'
|
|
||||||
|
|
||||||
[rooms]
|
[rooms]
|
||||||
; After this amount of time in minutes, rooms without any activity will be purged
|
; After this amount of time in minutes, rooms without any activity will be purged
|
||||||
;inactivity_timeout = '60'
|
;inactivity_timeout = '60'
|
||||||
|
|
|
@ -6,7 +6,15 @@ CREATE TABLE `config` (
|
||||||
UNIQUE (`key`)
|
UNIQUE (`key`)
|
||||||
) ENGINE INNODB DEFAULT CHARSET=utf8;
|
) ENGINE INNODB DEFAULT CHARSET=utf8;
|
||||||
INSERT INTO `config` (`key`,`value`)
|
INSERT INTO `config` (`key`,`value`)
|
||||||
VALUES ('schema_version', '6');
|
VALUES ('schema_version', '7');
|
||||||
|
|
||||||
|
CREATE TABLE `session_keys` (
|
||||||
|
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||||
|
`key` VARCHAR(160) NOT NULL,
|
||||||
|
`date` DATETIME NOT NULL DEFAULT 0,
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
INDEX (`date`)
|
||||||
|
) ENGINE INNODB DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
CREATE TABLE `rooms` (
|
CREATE TABLE `rooms` (
|
||||||
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||||
|
|
|
@ -32,8 +32,6 @@ sub get_conf(){
|
||||||
$config->{'interface.template'} ||= 'default';
|
$config->{'interface.template'} ||= 'default';
|
||||||
$config->{'interface.chrome_extension_id'} ||= 'ecicdpoejfllflombfanbhfpgcimjddn';
|
$config->{'interface.chrome_extension_id'} ||= 'ecicdpoejfllflombfanbhfpgcimjddn';
|
||||||
$config->{'interface.chrome_extension_id'} ||= 0;
|
$config->{'interface.chrome_extension_id'} ||= 0;
|
||||||
$config->{'cookie.secret'} ||= 'secret';
|
|
||||||
$config->{'cookie.name'} ||= 'vroom';
|
|
||||||
$config->{'rooms.inactivity_timeout'} ||= 60;
|
$config->{'rooms.inactivity_timeout'} ||= 60;
|
||||||
$config->{'rooms.reserved_inactivity_timeout'} ||= 86400;
|
$config->{'rooms.reserved_inactivity_timeout'} ||= 86400;
|
||||||
$config->{'rooms.common_names'} ||= '';
|
$config->{'rooms.common_names'} ||= '';
|
||||||
|
|
|
@ -7,7 +7,7 @@ use base 'Exporter';
|
||||||
our @EXPORT = qw/DB_VERSION COMPONENTS MOH JS_STRINGS API_ACTIONS/;
|
our @EXPORT = qw/DB_VERSION COMPONENTS MOH JS_STRINGS API_ACTIONS/;
|
||||||
|
|
||||||
# Database version
|
# Database version
|
||||||
use constant DB_VERSION => 6;
|
use constant DB_VERSION => 7;
|
||||||
|
|
||||||
# Components used to generate the credits part
|
# Components used to generate the credits part
|
||||||
use constant COMPONENTS => {
|
use constant COMPONENTS => {
|
||||||
|
|
|
@ -145,3 +145,24 @@ if ($cur_ver < 6){
|
||||||
print "Successfully upgraded to schema version 6\n";
|
print "Successfully upgraded to schema version 6\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($cur_ver < 7){
|
||||||
|
print "Upgrading the schema to version 7\n";
|
||||||
|
eval {
|
||||||
|
$dbh->begin_work;
|
||||||
|
$dbh->do(qq{ CREATE TABLE `session_keys` (`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||||
|
`key` VARCHAR(160) NOT NULL,
|
||||||
|
`date` DATETIME NOT NULL DEFAULT 0,
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
INDEX (`date`))
|
||||||
|
ENGINE INNODB DEFAULT CHARSET=utf8; });
|
||||||
|
$dbh->do(qq{ UPDATE `config` SET `value`='7' WHERE `key`='schema_version' });
|
||||||
|
$dbh->commit;
|
||||||
|
};
|
||||||
|
if ($@){
|
||||||
|
print "An error occurred: " . $dbh->errstr . "\n";
|
||||||
|
local $dbh->{RaiseError} = 0;
|
||||||
|
$dbh->rollback;
|
||||||
|
exit 255;
|
||||||
|
};
|
||||||
|
print "Successfully upgraded to schema version 7\n";
|
||||||
|
}
|
||||||
|
|
|
@ -358,17 +358,6 @@ cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini</pre>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h3 id="settings_cookie">
|
|
||||||
cookie
|
|
||||||
</h3>
|
|
||||||
<p>
|
|
||||||
This section controls the cookie used for VROOM sessions. The available settings are
|
|
||||||
<ul>
|
|
||||||
<li><strong>secret</strong>: A secret passphrase to sign cookies. Must be changed !!!
|
|
||||||
<li><strong>name</strong>: The name of the cookie. Default is <strong>vroom</strong></li>
|
|
||||||
</ul>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<h3 id="settings_rooms">
|
<h3 id="settings_rooms">
|
||||||
rooms
|
rooms
|
||||||
</h3>
|
</h3>
|
||||||
|
|
48
vroom.pl
48
vroom.pl
|
@ -143,6 +143,39 @@ helper check_db_version => sub {
|
||||||
return ($ver eq Vroom::Constants::DB_VERSION) ? '1' : '0';
|
return ($ver eq Vroom::Constants::DB_VERSION) ? '1' : '0';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Generate and manage rotation of session keys
|
||||||
|
# used to sign cookies
|
||||||
|
helper update_session_keys => sub {
|
||||||
|
my $self = shift;
|
||||||
|
# First, delete obsolete session keys
|
||||||
|
my $sth = eval {
|
||||||
|
$self->db->prepare('DELETE FROM `session_keys`
|
||||||
|
WHERE `date` < DATE_SUB(CONVERT_TZ(NOW(), @@session.time_zone, \'+00:00\'), INTERVAL 72 HOUR)');
|
||||||
|
};
|
||||||
|
$sth->execute;
|
||||||
|
# Now, retrieve all remaining keys, to check if we have enough of them
|
||||||
|
$sth = eval {
|
||||||
|
$self->db->prepare('SELECT `key` FROM `session_keys`
|
||||||
|
ORDER BY `date` DESC');
|
||||||
|
};
|
||||||
|
$sth->execute;
|
||||||
|
my $keys = $sth->fetchall_hashref('key');
|
||||||
|
my @keys = keys %$keys;
|
||||||
|
if (scalar @keys < 3){
|
||||||
|
$self->app->log->debug("Generating a new key to sign session cookies");
|
||||||
|
my $new_key = Session::Token->new(alphabet => ['a'..'z', 'A'..'Z', '0'..'9', '.:;,/!%$#~{([-_)]}=+*|'], entropy => 512)->get;
|
||||||
|
unshift @keys, $new_key;
|
||||||
|
$self->app->log->info("new key: $new_key");
|
||||||
|
$sth = eval {
|
||||||
|
$self->db->prepare('INSERT INTO `session_keys` (`key`,`date`)
|
||||||
|
VALUES (?,NOW())');
|
||||||
|
};
|
||||||
|
$sth->execute($new_key);
|
||||||
|
}
|
||||||
|
$self->app->secrets(\@keys);
|
||||||
|
return 1;
|
||||||
|
};
|
||||||
|
|
||||||
# Return human readable username if it exists, or just the session ID
|
# Return human readable username if it exists, or just the session ID
|
||||||
helper get_name => sub {
|
helper get_name => sub {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
@ -1231,6 +1264,11 @@ Mojo::IOLoop->recurring( 900 => sub {
|
||||||
app->purge_invitations;
|
app->purge_invitations;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
# Check every 24h if session keys needs updating
|
||||||
|
Mojo::IOLoop->recurring( 86400 => sub {
|
||||||
|
app->update_session_keys;
|
||||||
|
});
|
||||||
|
|
||||||
# Route / to the index page
|
# Route / to the index page
|
||||||
get '/' => sub {
|
get '/' => sub {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
@ -2070,10 +2108,12 @@ get '/:room' => sub {
|
||||||
# use the templates defined in the config
|
# use the templates defined in the config
|
||||||
push @{app->renderer->paths}, 'templates/'.$config->{'interface.template'};
|
push @{app->renderer->paths}, 'templates/'.$config->{'interface.template'};
|
||||||
|
|
||||||
# Set the secret used to sign cookies
|
|
||||||
app->secrets([$config->{'cookie.secret'}]);
|
app->update_session_keys;
|
||||||
|
# Set log level
|
||||||
|
app->log->level($config->{'daemon.log_level'});
|
||||||
app->sessions->secure(1);
|
app->sessions->secure(1);
|
||||||
app->sessions->cookie_name($config->{'cookie.name'});
|
app->sessions->cookie_name('vroom');
|
||||||
app->hook(before_dispatch => sub {
|
app->hook(before_dispatch => sub {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
# Switch to the desired language
|
# Switch to the desired language
|
||||||
|
@ -2109,8 +2149,6 @@ app->config(
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
# Set log level
|
|
||||||
app->log->level($config->{'daemon.log_level'});
|
|
||||||
app->log->info('Starting VROOM daemon');
|
app->log->info('Starting VROOM daemon');
|
||||||
# And start, lets VROOM !!
|
# And start, lets VROOM !!
|
||||||
app->start;
|
app->start;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user