From 7f70769fb6c4d5190bc13a36186572f72036a8f7 Mon Sep 17 00:00:00 2001
From: Alex 'AdUser' Z <ad_user@runbox.com>
Date: Wed, 23 Aug 2017 13:00:46 +1000
Subject: [PATCH] * use random secret if not set

---
 docs/cmtd.conf.sample | 1 +
 lib/CMTD.pm           | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/docs/cmtd.conf.sample b/docs/cmtd.conf.sample
index 9782429..b924b8f 100644
--- a/docs/cmtd.conf.sample
+++ b/docs/cmtd.conf.sample
@@ -1,4 +1,5 @@
 {
+  secret => 'cookie-sign-key',
   db => ['dbi:SQLite:dbname=data/data.db'],
   captcha => {
     tries => 5,
diff --git a/lib/CMTD.pm b/lib/CMTD.pm
index 50c089a..d1b9883 100644
--- a/lib/CMTD.pm
+++ b/lib/CMTD.pm
@@ -10,6 +10,13 @@ sub startup {
 
   $self->plugin('CMTD::Helpers');
   $self->plugin(Config => {file => 'cmtd.conf'});
+  if (my $s = $self->app->config->{secret}) {
+    $self->app->secrets([ $s ]);
+  } else {
+    my $s = sprintf "%08X%08X%08X", time(), rand(), rand();
+    $self->app->log->warn("!!! You should set a sign key for cookies in config !!!");
+    $self->app->secrets([ $s ]);
+  }
 
   $self->app->attr(captcha => sub {
     my $config = $self->app->config->{captcha};