From b9c5721c80d0ee5731911b9dd741f0158b249793 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Sat, 16 Apr 2011 08:36:03 -0600
Subject: [PATCH] generate a persistent secret for cookie encryption at first
 server run.  still in pursuit of zero-config and as stateless as possible.

---
 .gitignore                  |  1 +
 authority/server/db.js      |  2 +-
 authority/server/run.js     |  7 +++++--
 authority/server/secrets.js | 26 ++++++++++++++++++++++++++
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 authority/server/secrets.js

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..9896d8771
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.sekret
diff --git a/authority/server/db.js b/authority/server/db.js
index 726d5c9dc..b59a2564d 100644
--- a/authority/server/db.js
+++ b/authority/server/db.js
@@ -276,4 +276,4 @@ exports.pubkeysForEmail = function(identity, cb) {
                }
                cb(keys);
              });
-};
\ No newline at end of file
+};
diff --git a/authority/server/run.js b/authority/server/run.js
index ea8bfa97f..3d793f26d 100644
--- a/authority/server/run.js
+++ b/authority/server/run.js
@@ -4,10 +4,13 @@ const        path = require('path'),
         httputils = require('./httputils.js'),
           connect = require('connect'),
         webfinger = require('./webfinger.js'),
-         sessions = require('cookie-sessions'); 
+         sessions = require('cookie-sessions'),
+          secrets = require('./secrets.js');
 
 const STATIC_DIR = path.join(path.dirname(__dirname), "static");
 
+const COOKIE_SECRET = secrets.hydrateSecret('cookie_secret', __dirname);
+
 exports.handler = function(request, response, serveFile) {
   // dispatch!
   var urlpath = url.parse(request.url).pathname;
@@ -42,7 +45,7 @@ exports.handler = function(request, response, serveFile) {
 exports.setup = function(server) {
   var week = (7 * 24 * 60 * 60 * 1000);
   server.use(sessions({
-      secret: 'v3wy s3kr3t',
+      secret: COOKIE_SECRET,
       session_key: "browserid_state",
       path: '/'
   }));
diff --git a/authority/server/secrets.js b/authority/server/secrets.js
new file mode 100644
index 000000000..6923a9899
--- /dev/null
+++ b/authority/server/secrets.js
@@ -0,0 +1,26 @@
+const path = require('path'),
+        fs = require('fs');
+
+function generateSecret() {
+  var str = "";
+  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  for (var i=0; i < 128; i++) {
+    str += alphabet.charAt(Math.floor(Math.random() * alphabet.length));
+  }
+  return str;
+}
+
+exports.hydrateSecret = function(name, dir) {
+  var p = path.join(dir, name + ".sekret");
+  var fileExists = false;
+  var secret = undefined;
+    
+  try{ secret = fs.readFileSync(p).toString(); } catch(e) {};
+
+  if (secret === undefined) {
+    console.log("Generating server secret ("+name+")...");
+    secret = generateSecret();
+    fs.writeFileSync(p, secret);
+  }
+  return secret;
+};
-- 
GitLab