From 33566572fb381ba4a166c2953caa0b2a3e4dccd6 Mon Sep 17 00:00:00 2001
From: Arthur Lu
Date: Fri, 15 Nov 2024 00:35:57 +0000
Subject: [PATCH] generate session secret key randomly each application start, bump app version 1.0.6
---
 app/app.go | 19 +++++++++++++++----
 app/utils.go | 1 -
 configs/template.config.json | 1 -
 test/test_config.json | 1 -
 test/unit_test.go | 1 -
 5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/app/app.go b/app/app.go
index a729329..f28adf8 100644
--- a/app/app.go
+++ b/app/app.go
@@ -1,6 +1,7 @@
 package app
 import (
+ "crypto/rand"
 "encoding/gob"
 "flag"
 "log"
@@ -15,7 +16,7 @@ import (
 )
 var LDAPSessions map[string]*LDAPClient
-var AppVersion = "1.0.5"
+var AppVersion = "1.0.6"
 var APIVersion = "1.0.4"
 func Run() {
@@ -28,13 +29,20 @@ func Run() {
 config, err := GetConfig(*configPath)
 if err != nil {
- log.Fatal("Error when reading config file: ", err)
+ log.Fatalf("Error when reading config file: %s\n", err)
 }
 log.Printf("Read in config from %s\n", *configPath)
+ secretKey := make([]byte, 256)
+ n, err := rand.Read(secretKey)
+ if err != nil {
+ log.Fatalf("Error when generating session secret key: %s\n", err.Error())
+ }
+ log.Printf("Generated session secret key of length %d\n", n)
+
 gin.SetMode(gin.ReleaseMode)
 router := gin.Default()
- store := cookie.NewStore([]byte(config.SessionSecretKey))
+ store := cookie.NewStore(secretKey)
 store.Options(sessions.Options{
 Path: config.SessionCookie.Path,
 HttpOnly: config.SessionCookie.HttpOnly,
@@ -310,5 +318,8 @@ func Run() {
 log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
- router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+ err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+ if err != nil {
+ log.Fatalf("Error starting router: %s", err.Error())
+ }
 }
diff --git a/app/utils.go b/app/utils.go
index d1b9e71..4643689 100644
--- a/app/utils.go
+++ b/app/utils.go
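Review bot: `cookie.NewStore(secretKey)` in the `@@ -28,13 +29,20 @@` hunk passes a single key, which (assuming `cookie` is the gin-contrib/sessions cookie store) is used only as the HMAC authentication key, so session values are signed but not encrypted and stay readable by the client. If the session holds anything sensitive, generate a separate 32-byte key and pass it as the encryption key, e.g. `store := cookie.NewStore(hashKey, blockKey)`; a 64-byte hash key is sufficient, since HMAC hashes a longer key down and the 256 bytes generated here add no strength. Because the key now exists only in process memory, every restart invalidates outstanding cookies and multiple replicas cannot validate each other's sessions; that looks consistent with the in-memory `LDAPSessions` map, but it should be stated in a comment above `secretKey`. Run's body starts and ends outside this hunk.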
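Review bot: The listen address in the `@@ -310,5 +318,8 @@` hunk stays hard-coded to `0.0.0.0`, and `router.Run` serves plain HTTP, so the session cookie (and presumably the LDAP credentials) travel unencrypted unless a TLS-terminating proxy sits in front of this service. Since the line is being touched anyway, consider reading the bind address from config so proxied deployments can restrict it to loopback, e.g. `err = router.Run(config.ListenAddress + ":" + strconv.Itoa(config.ListenPort))`, where `ListenAddress` is a hypothetical new field. Separately, `log.Fatalf("Error starting router: %v", err)` would match the first Fatalf in this commit, which passes `err` directly rather than `err.Error()`.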
@@ -13,7 +13,6 @@ type Config struct {
 LdapURL string `json:"ldapURL"`
 StartTLS bool `json:"startTLS"`
 BaseDN string `json:"baseDN"`
- SessionSecretKey string `json:"sessionSecretKey"`
 SessionCookieName string `json:"sessionCookieName"`
 SessionCookie struct {
 Path string `json:"path"`
diff --git a/configs/template.config.json b/configs/template.config.json
index cfda43d..585b129 100644
--- a/configs/template.config.json
+++ b/configs/template.config.json
@@ -3,7 +3,6 @@
 "ldapURL": "ldap://localhost",
 "startTLS": true,
 "basedn": "dc=example,dc=com",
- "sessionSecretKey": "super secret key",
 "sessionCookieName": "PAASLDAPAuthTicket",
 "sessionCookie": {
 "path": "/",
diff --git a/test/test_config.json b/test/test_config.json
index 243b83f..5dc2ded 100644
--- a/test/test_config.json
+++ b/test/test_config.json
@@ -3,7 +3,6 @@
 "ldapURL": "ldap://localhost",
 "startTLS": true,
 "basedn": "dc=test,dc=paasldap",
- "sessionSecretKey": "test",
 "sessionCookieName": "PAASLDAPAuthTicket",
 "sessionCookie": {
 "path": "/",
diff --git a/test/unit_test.go b/test/unit_test.go
index ea9504d..1142b8f 100644
--- a/test/unit_test.go
+++ b/test/unit_test.go
@@ -18,7 +18,6 @@ func TestConfig_ValidPath(t *testing.T) {
 AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
 AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
 AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
- AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
 AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
 AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
 AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)