* use random secret if not set

7 years ago · 7f70769fb6
2 changed files with 8 additions and 0 deletions
--- a/docs/cmtd.conf.sample
+++ b/docs/cmtd.conf.sample
@ -1,4 +1,5 @@
 {
+  secret => 'cookie-sign-key',
  db => ['dbi:SQLite:dbname=data/data.db'],
  captcha => {
    tries => 5,
--- a/lib/CMTD.pm
+++ b/lib/CMTD.pm
@ -10,6 +10,13 @@ sub startup {

  $self->plugin('CMTD::Helpers');
  $self->plugin(Config => {file => 'cmtd.conf'});
+  if (my $s = $self->app->config->{secret}) {
+    $self->app->secrets([ $s ]);
+  } else {
+    my $s = sprintf "%08X%08X%08X", time(), rand(), rand();
+    $self->app->log->warn("!!! You should set a sign key for cookies in config !!!");
+    $self->app->secrets([ $s ]);
+  }

  $self->app->attr(captcha => sub {
    my $config = $self->app->config->{captcha};