chore: Simpler secret setup

EagerELK · Jun 9, 2024 · 11f32f9 · 11f32f9
1 parent bfee340
commit 11f32f9
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 12 deletions.
diff --git a/lib/ditty/tasks/ditty.rake b/lib/ditty/tasks/ditty.rake
@@ -11,14 +11,16 @@ namespace :ditty do
   end
 
   desc 'Prepare Ditty'
-  task prep: ['generate_tokens', 'prep:folders', 'prep:public', 'prep:migrations']
+  task prep: ['prep:folders', 'generate_tokens', 'prep:public', 'prep:migrations']
 
   desc 'Generate the needed tokens'
   task :generate_tokens do
     puts 'Generating the Ditty tokens'
+
     require 'securerandom'
-    File.write('.session_secret', SecureRandom.random_bytes(40)) unless File.file?('.session_secret')
-    File.write('.token_secret', SecureRandom.random_bytes(40)) unless File.file?('.token_secret')
+    unless File.file?('.session_secret') || ENV.fetch('SECRET_SEED', nil)
+      File.write('./config/.secret_seed', SecureRandom.random_bytes(40))
+    end
   end
 
   desc 'Seed the Ditty database'
@@ -116,7 +118,7 @@ namespace :ditty do
 
       puts "** [ditty] Running Ditty Migrations to #{args[:version]}"
       ::Sequel.extension :migration
-      ::Sequel::Migrator.run(::DB, folder, target: args[:version].to_i)
+      ::Sequel::Migrator.run(::DB, folder, target: args[:version])
     end
 
     desc 'Migrate Ditty database to latest version'

diff --git a/lib/ditty/templates/config.ru b/lib/ditty/templates/config.ru
@@ -4,23 +4,31 @@ require 'dotenv/load'
 
 # Last Gasp Effort to catch the error
 require 'ditty/middleware/error_catchall'
-use ::Ditty::Middleware::ErrorCatchall if ENV['APP_ENV'] == 'production'
+use Ditty::Middleware::ErrorCatchall if ENV['APP_ENV'] == 'production'
 
 require 'rack/static'
 use Rack::Static, urls: ['/favicon.ico', '/js/', '/images/', '/css/'], root: 'public'
 
 # Session
+secret = if ENV.fetch('SECRET_SEED', nil)
+  Base64.decode64(ENV.fetch('SECRET_SEED'))
+elsif File.exist?('config/.secret_seed')
+  File.read('config/.secret_seed')
+else
+  raise 'No secret seed set up yet'
+end
 use Rack::Session::Cookie,
     key: '_Ditty_session',
     path: '/',
-    # :secure=>!TEST_MODE, # Uncomment if only allowing https:// access
-    secret: File.read('.session_secret')
+    secure: ENV.fetch('APP_ENV', 'development') == 'production',
+    secret: secret
 
 require './application'
+
 require 'ditty/services/authentication'
 use OmniAuth::Builder do
-  ::Ditty::Services::Authentication.providers.each do |prov|
-    provider prov, *::Ditty::Services::Authentication.config[prov][:arguments]
+  Ditty::Services::Authentication.providers.each do |prov|
+    provider prov, *Ditty::Services::Authentication.config[prov][:arguments]
   end
 end
 
@@ -33,5 +41,5 @@ map '/' do
   require 'rack/content_type'
   use Rack::ContentType
 
-  run Rack::URLMap.new ::Ditty::Components.routes
+  run Rack::URLMap.new Ditty::Components.routes
 end
diff --git a/lib/ditty/templates/views/display.haml.tt b/lib/ditty/templates/views/display.haml.tt
@@ -15,6 +15,5 @@
               %a.btn.btn-secondary{ href: "#{base_path}/#{entity.display_id}/edit" } Edit
           .col-md-6.text-right
             - if policy(entity).delete?
-              = delete_form_tag("#{base_path}/#{entity.display_id}") do
-                %button.btn.btn-warning{ type: 'submit' } Delete
+              = delete_form(entity)
   .col-md-2