
Commit 24ea446

committed
fix(session): correctly load tokens from file
1 parent 278a492 commit 24ea446


3 files changed

+17
-13
lines changed


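--- a/app.js
+++ b/app.js
@@ -48,14 +48,6 @@ if (!process.env.FORK) {
 
 let configFile = path.join(__dirname, '/config.yml')
 
-nconf.defaults({
-base_dir: __dirname,
-tokens: {
-secret: chance.hash() + chance.md5(),
-expires: 900
-}
-})
-
 if (nconf.get('config')) {
 configFile = path.resolve(__dirname, nconf.get('config'))
 }
@@ -81,9 +73,18 @@ function loadConfig () {
 file: configFile,
 format: require('nconf-yaml')
 })
+
+// Must load after file
+nconf.defaults({
+base_dir: __dirname,
+tokens: {
+secret: chance.hash() + chance.md5(),
+expires: 900
+}
+})
 }
 
-function checkForOldConfig() {
+function checkForOldConfig () {
 const oldConfigFile = path.join(__dirname, '/config.json')
 if (fs.existsSync(oldConfigFile)) {
 // Convert config to yaml.
@@ -99,7 +100,7 @@ function checkForOldConfig() {
 }
 
 function start () {
-if (!isDocker)loadConfig()
+if (!isDocker) loadConfig()
 
 const _db = require('./src/database')
 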
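Review bot: With `nconf.defaults({...})` now inside `loadConfig()`, the `if (!isDocker) loadConfig()` guard in `start()` means a Docker run gets no default for `tokens:secret` or `base_dir` from the code visible here, whereas the removed top-level call did not depend on `isDocker` as far as the first hunk shows. Unless the Docker path sets these elsewhere, `nconf.get('tokens:secret')` would be undefined there and the session code changed in this commit would fall back to its hard-coded literal. Moving the `nconf.defaults({...})` call out of `loadConfig()` to directly after `if (!isDocker) loadConfig()` keeps the "after file" ordering and covers both cases. Separately, `chance.hash() + chance.md5()` comes from a general-purpose random generator rather than a CSPRNG; `require('crypto').randomBytes(32).toString('hex')` is a better source for a signing secret. Both `loadConfig` and `start` continue outside the hunks.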

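--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -22,6 +22,7 @@ const insecureHandlebars = APC.allowInsecurePrototypeAccess(HandleBars)
 const hbs = require('express-hbs')
 const hbsHelpers = require('../helpers/hbs/helpers')
 const winston = require('../logger')
+const nconf = require('nconf')
 const flash = require('connect-flash')
 const bodyParser = require('body-parser')
 const cookieParser = require('cookie-parser')
@@ -72,7 +73,8 @@ module.exports = function (app, db, callback) {
 maxAge: 1000 * 60 * 60 * 24 * 365 // 1 year
 }
 
-const sessionSecret = 'trudesk$123#SessionKeY!2387'
+const sessionSecret = nconf.get('tokens:secret') ? nconf.get('tokens:secret') : 'trudesk$1234#SessionKeY!2288'
+
 async.waterfall(
 [
 function (next) {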
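Review bot: The fallback on new line 76 signs sessions with a string literal that is published in this repository whenever `tokens:secret` is unset, so every deployment that reaches the fallback shares one publicly known signing key; the same literal is repeated in the `socketConfig` hunk of src/socketserver.js. Failing closed would be safer: `const sessionSecret = nconf.get('tokens:secret')` followed by `if (!sessionSecret) throw new Error('tokens:secret is not configured')`. Installations that ran on the previous literal should treat it as exposed and move to a configured value, accepting that existing sessions are invalidated. The key name suggests the same value may also sign API tokens; if so, a separate session key would limit the impact of either one leaking. The enclosing `module.exports` function continues outside the hunk.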

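--- a/src/socketserver.js
+++ b/src/socketserver.js
@@ -32,7 +32,8 @@ const socketServer = function (ws) {
 
 const socketConfig = {
 pingTimeout: nconf.get('socket:pingTimeout') ? nconf.get('socket:pingTimeout') : 15000,
-pingInterval: nconf.get('socket:pingInterval') ? nconf.get('socket:pingInterval') : 30000
+pingInterval: nconf.get('socket:pingInterval') ? nconf.get('socket:pingInterval') : 30000,
+secret: nconf.get('tokens:secret') ? nconf.get('tokens:secret') : 'trudesk$1234#SessionKeY!2288'
 }
 
 const io = require('socket.io')(ws.server, {
@@ -74,7 +75,7 @@ const socketServer = function (ws) {
 cookieParser: cookieparser,
 key: 'connect.sid',
 store: ws.sessionStore,
-secret: 'trudesk$123#SessionKeY!2387',
+secret: socketConfig.secret,
 success: onAuthorizeSuccess
 })(data, accept)
 }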
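Review bot: The secret is resolved here with its own copy of the ternary rather than reusing the value the session middleware computes, so the two expressions can drift apart; the authorize options in the second hunk appear to verify the `connect.sid` cookie and would then reject every socket. Resolving the secret once in one module and importing it in both places removes that risk. Storing it in `socketConfig` next to the ping settings also makes it easy to log or pass along with that object by accident; a dedicated `const sessionSecret = nconf.get('tokens:secret')` would keep it separate from transport options. `socketServer` starts and ends outside the hunks, so how `socketConfig` is consumed beyond `socketConfig.secret` is not visible here.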
