Config: Mandatory hmac key (#3955)
This commit is contained in:
commit
9060cc4e53
3 changed files with 19 additions and 4 deletions
|
@ -455,13 +455,17 @@ jobs:
|
|||
#use_pubsub_feeds: false
|
||||
|
||||
##
|
||||
## HMAC signing key used for CSRF tokens and pubsub
|
||||
## HMAC signing key used for CSRF tokens, cookies and pubsub
|
||||
## subscriptions verification.
|
||||
##
|
||||
## Note: This parameter is mandatory and should be a random string.
|
||||
## Such random string can be generated on linux with the following
|
||||
## command: `pwdgen 20 1`
|
||||
##
|
||||
## Accepted values: a string
|
||||
## Default: <none>
|
||||
##
|
||||
#hmac_key:
|
||||
hmac_key: "CHANGE_ME!!"
|
||||
|
||||
##
|
||||
## List of video IDs where the "download" widget must be
|
||||
|
|
|
@ -30,6 +30,7 @@ services:
|
|||
# domain:
|
||||
# https_only: false
|
||||
# statistics_enabled: false
|
||||
hmac_key: "CHANGE_ME!!"
|
||||
healthcheck:
|
||||
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
|
||||
interval: 30s
|
||||
|
|
|
@ -85,7 +85,7 @@ class Config
|
|||
# Used to tell Invidious it is behind a proxy, so links to resources should be https://
|
||||
property https_only : Bool?
|
||||
# HMAC signing key for CSRF tokens and verifying pubsub subscriptions
|
||||
property hmac_key : String?
|
||||
property hmac_key : String = ""
|
||||
# Domain to be used for links to resources on the site where an absolute URL is required
|
||||
property domain : String?
|
||||
# Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
|
||||
|
@ -204,6 +204,16 @@ class Config
|
|||
end
|
||||
{% end %}
|
||||
|
||||
# HMAC_key is mandatory
|
||||
# See: https://github.com/iv-org/invidious/issues/3854
|
||||
if config.hmac_key.empty?
|
||||
puts "Config: 'hmac_key' is required/can't be empty"
|
||||
exit(1)
|
||||
elsif config.hmac_key == "CHANGE_ME!!"
|
||||
puts "Config: The value of 'hmac_key' needs to be changed!!"
|
||||
exit(1)
|
||||
end
|
||||
|
||||
# Build database_url from db.* if it's not set directly
|
||||
if config.database_url.to_s.empty?
|
||||
if db = config.db
|
||||
|
@ -216,7 +226,7 @@ class Config
|
|||
path: db.dbname,
|
||||
)
|
||||
else
|
||||
puts "Config : Either database_url or db.* is required"
|
||||
puts "Config: Either database_url or db.* is required"
|
||||
exit(1)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue