diff --git a/config/cfg.rb b/config/cfg.rb
index 4b9a52a..88dbf31 100644
--- a/config/cfg.rb
+++ b/config/cfg.rb
@@ -14,6 +14,8 @@ module Asciinema
 attribute :google_analytics_id, String
 attribute :home_asciicast_id, String
 attribute :secret_key_base, String
+ attribute :session_encryption_salt, String, default: 'encrypted cookie'
+ attribute :session_signing_salt, String, default: 'signed encrypted cookie'
 attribute :admin_ids, Array[Integer]
 attribute :smtp_settings, Hash
 attribute :smtp_from_address, String
diff --git a/config/config.exs b/config/config.exs
index 2f27171..24e6212 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -12,7 +12,7 @@ config :asciinema,
 # Configures the endpoint
 config :asciinema, Asciinema.Endpoint,
 url: [host: "localhost"],
- secret_key_base: "cMyA6OaN0/eg6Q9+/0dzdERa3Tqp7BxP/SACWXL+XA+V5MUgf5DirQmX9mFT/iIF",
+ secret_key_base: System.get_env("SECRET_KEY_BASE") || "60BnXnzGGwwiZj91YA9XYKF9BCiM7lQ/1um8VXcWWLSdUp9OcPZV6YnQv7eFTYSY",
 render_errors: [view: Asciinema.ErrorView, accepts: ~w(html json)],
 pubsub: [name: Asciinema.PubSub, adapter: Phoenix.PubSub.PG2]
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index aca6e5e..6afd821 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,5 @@
 # Be sure to restart your server when you modify this file.
 Rails.application.config.session_store :cookie_store, key: '_asciinema_session', secure: CFG.ssl?
+Rails.application.config.action_dispatch.encrypted_cookie_salt = CFG.session_encryption_salt
+Rails.application.config.action_dispatch.encrypted_signed_cookie_salt = CFG.session_signing_salt
diff --git a/lib/asciinema/endpoint.ex b/lib/asciinema/endpoint.ex
index 1945a7e..888ac78 100644
--- a/lib/asciinema/endpoint.ex
+++ b/lib/asciinema/endpoint.ex
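Review bot: The two `default:` literals added here are duplicated byte-for-byte as the fallbacks in `lib/asciinema/endpoint.ex`, and nothing in this file records that the Rails `encrypted_cookie_salt`/`encrypted_signed_cookie_salt` and the Phoenix `encryption_salt`/`signing_salt` must stay identical or the shared `_asciinema_session` cookie becomes unreadable by one side. The values appear to be Rails' own defaults for those two salts, so the Rails side's behaviour should be unchanged unless an operator overrides one side and not the other. A comment above the two attributes, `# Must match the SESSION_ENCRYPTION_SALT / SESSION_SIGNING_SALT defaults in lib/asciinema/endpoint.ex`, would make the coupling visible. The enclosing `module Asciinema` and the class holding these attributes start and end outside the hunk.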
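Review bot: `secret_key_base` still falls back to a literal committed to the repository when `SECRET_KEY_BASE` is unset, and with this commit that single secret derives the signing and encryption keys for a session cookie shared with the Rails app, so a deployment that forgets the variable silently accepts attacker-forged sessions on both sides. Production should fail fast instead of falling back, e.g. `secret_key_base: System.get_env("SECRET_KEY_BASE") || raise("SECRET_KEY_BASE is not set")` in the prod config, keeping the literal only for dev/test. Because `config/config.exs` is evaluated when the project is compiled, the variable also has to be present at build time when producing a release, not merely in the runtime environment — worth a comment on this line. The previous literal was committed as well, so both values should be treated as public regardless of the rotation.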
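Review bot: The Rails side derives the cookie's `secure` flag from `CFG.ssl?` while the Phoenix side in `lib/asciinema/endpoint.ex` derives it from `System.get_env("SCHEME") == "https"`; the cookie is shared by name, so if those two settings ever disagree whichever app last writes `_asciinema_session` decides whether it is sent over plain HTTP. Both should be driven from one source, presumably the same `SCHEME` variable. The salts set here only select the derived keys — the secret that actually matters is `secret_key_base`, which must be identical in both apps for `PlugRailsCookieSessionStore` to verify and decrypt what Rails wrote, and that requirement is not stated anywhere in this file. A comment such as `# Salts, secret_key_base and the secure flag must match the Plug.Session options in lib/asciinema/endpoint.ex` would help the next operator.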
@@ -30,13 +30,17 @@ defmodule Asciinema.Endpoint do
 plug Plug.MethodOverride
 plug Plug.Head
- # The session will be stored in the cookie and signed,
- # this means its contents can be read but not tampered with.
- # Set :encryption_salt if you would also like to encrypt it.
 plug Plug.Session,
- store: :cookie,
- key: "_asciinema_key",
- signing_salt: "bAmOWL3A"
+ store: PlugRailsCookieSessionStore,
+ key: "_asciinema_session",
+ secure: System.get_env("SCHEME") == "https",
+ signing_salt: System.get_env("SESSION_SIGNING_SALT") || "signed encrypted cookie",
+ encrypt: true,
+ encryption_salt: System.get_env("SESSION_ENCRYPTION_SALT") || "encrypted cookie",
+ key_iterations: 1000,
+ key_length: 64,
+ key_digest: :sha,
+ serializer: Poison
 plug Asciinema.Router
 end
diff --git a/mix.exs b/mix.exs
index e9237f1..7da47bb 100644
--- a/mix.exs
+++ b/mix.exs
@@ -19,7 +19,7 @@ defmodule Asciinema.Mixfile do
 def application do
 [mod: {Asciinema, []},
 applications: [:phoenix, :phoenix_pubsub, :phoenix_html, :cowboy, :logger, :gettext,
- :phoenix_ecto, :postgrex]]
+ :phoenix_ecto, :postgrex, :plug_rails_cookie_session_store]]
 end
 # Specifies which paths to compile per environment.
@@ -39,6 +39,8 @@ defmodule Asciinema.Mixfile do
 {:gettext, "~> 0.11"},
 {:earmark, github: "pragdave/earmark", override: true},
 {:phoenix_markdown, "~> 0.1"},
+ {:plug_rails_cookie_session_store, "~> 0.1"},
+ {:poison, "~> 2.2"},
 {:cowboy, "~> 1.0"}]
 end
diff --git a/mix.lock b/mix.lock
index 1e2c427..bbe947a 100644
--- a/mix.lock
+++ b/mix.lock
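Review bot: The `System.get_env` calls in the new `plug Plug.Session` options are, as far as I can tell, evaluated when `Asciinema.Endpoint` is compiled (the `plug` macro stores its options in a module attribute), so `SCHEME`, `SESSION_SIGNING_SALT` and `SESSION_ENCRYPTION_SALT` are build-time values and a release started with different values silently keeps the compiled-in fallbacks — including `secure: false` when `SCHEME` was absent at build. Either document that with `# NOTE: read at compile time — set SCHEME / SESSION_*_SALT when building the release`, or read them at request time (a small wrapper plug whose `call/2` calls `Plug.Session.init/1` itself, or a config entry resolved at boot). The three derivation parameters are unexplained magic values; they look chosen to reproduce Rails' `ActiveSupport::KeyGenerator` (PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte keys), and a comment such as `# key_iterations/key_length/key_digest must match Rails' KeyGenerator or cookies written by Rails will not verify` would stop someone "upgrading" `:sha` to `:sha256` and breaking interop. `serializer: Poison` presumes the Rails app writes JSON cookies (`cookies_serializer = :json`); that setting is not in this diff, and a Marshal-serialized Rails session would not decode here. The enclosing `defmodule Asciinema.Endpoint` starts outside the hunk.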
@@ -15,6 +15,7 @@
 "phoenix_markdown": {:hex, :phoenix_markdown, "0.1.2", "492afec13db19a4fa77d5c10404075d71b825c3aaae87caaf5ded96d422b64fd", [:mix], [{:earmark, "~> 1.0.1", [hex: :earmark, optional: false]}, {:phoenix, "~> 1.1", [hex: :phoenix, optional: false]}, {:phoenix_html, "~> 2.3", [hex: :phoenix_html, optional: false]}]},
 "phoenix_pubsub": {:hex, :phoenix_pubsub, "1.0.0", "c31af4be22afeeebfaf246592778c8c840e5a1ddc7ca87610c41ccfb160c2c57", [:mix], []},
 "plug": {:hex, :plug, "1.2.0", "496bef96634a49d7803ab2671482f0c5ce9ce0b7b9bc25bc0ae8e09859dd2004", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, optional: true]}, {:mime, "~> 1.0", [hex: :mime, optional: false]}]},
+ "plug_rails_cookie_session_store": {:hex, :plug_rails_cookie_session_store, "0.1.0", "8d87967eb2d4d25837e1b5778265aebf8ac797291d6ff65dbd828c4ffa7f0955", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, optional: true]}, {:plug, ">= 0.9.0", [hex: :plug, optional: false]}]},
 "poison": {:hex, :poison, "2.2.0", "4763b69a8a77bd77d26f477d196428b741261a761257ff1cf92753a0d4d24a63", [:mix], []},
 "poolboy": {:hex, :poolboy, "1.5.1", "6b46163901cfd0a1b43d692657ed9d7e599853b3b21b95ae5ae0a777cf9b6ca8", [:rebar], []},
 "postgrex": {:hex, :postgrex, "0.11.2", "139755c1359d3c5c6d6e8b1ea72556d39e2746f61c6ddfb442813c91f53487e8", [:mix], [{:connection, "~> 1.0", [hex: :connection, optional: false]}, {:db_connection, "~> 1.0-rc", [hex: :db_connection, optional: false]}, {:decimal, "~> 1.0", [hex: :decimal, optional: false]}]},