Add session secret env variable

2017-08-07 12:09:50 -05:00 · 2017-08-07 12:09:50 -05:00 · c6c2a8ac0c
parent 7ad85de15f
commit c6c2a8ac0c
4 changed files with 8 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -38,6 +38,8 @@ Available Environment Variables:
  * **SSL_VERIFY** - should the certificate be verified if using SSL (default: `true`)
  * **REGISTRY_PUBLIC_URL** - optional url to use for displaying in pull command and footer (default: `REGISTRY_HOST`:`REGISTRY_PORT`)
  * **ALLOW_REGISTRY_LOGIN** - Adds a login option to the UI for logging into the Registry for each user
+  * **SESSION_SECRET** - The session secret for storing the user credentials passed in via `ALLOW_REGISTRY_LOGIN`
+    * note: You should set this to a long random string if you are using `ALLOW_REGISTRY_LOGIN`
  * **REGISTRY_USERNAME** - the username to use if the registry has auth enabled (if `ALLOW_REGISTRY_LOGIN` enabled, this is overridden by the user's session)
  * **REGISTRY_PASSWORD** - the password to use if the registry has auth enabled (if `ALLOW_REGISTRY_LOGIN` enabled, this is overridden by the user's session)
  * **TITLE** - Changes the brand title (for those that like to change that sort of thing)
--- a/app/components/LayerInfo.jsx
+++ b/app/components/LayerInfo.jsx
@ -6,6 +6,7 @@ export default class LayerInfo extends Component {
  render() {
    return (
      <div>
+        <h3>Layer Info</h3>
        {this.props.info.map((i, index) => (
            <Layer key={index} info={i}/>
          ))}
--- a/lib/config.rb
+++ b/lib/config.rb
@ -13,7 +13,8 @@ class Configuration
                :version,
                :debug,
                :login_allowed,
-                :title
+                :title,
+                :session_secret

  def initialize
    @registry_username   = ENV['REGISTRY_USERNAME']
@ -30,6 +31,7 @@ class Configuration
    @debug               = to_bool(ENV['DEBUG'] || 'false')
    @login_allowed       = to_bool(ENV['ALLOW_REGISTRY_LOGIN'] || 'false')
    @title               = ENV['TITLE'] || "Crane Operator"
+    @session_secret      = ENV['SESSION_SECRET'] || "insecure-session-secret!"
  end

  def to_bool(str)
@ -56,6 +58,7 @@ class Configuration
      :debug               => @debug,
      :login_allowed       => @login_allowed,
      :title               => @title,
+      :session_secret      => @session_secret,
    }
  end

--- a/server.rb
+++ b/server.rb
@ -24,7 +24,7 @@ class CraneOp < Sinatra::Base
    set :max_age, "1728000"
    set :expose_headers, ['Content-Type']
    set :json_encoder, :to_json
-    set :session_secret, (ENV["SESSION_SECRET"] || "insecure-session-secret!")
+    set :session_secret, Configuration.new.session_secret
  end

  def conf