From 11f32f9e1923cdc51a2c7081b883cf8f8f9b22ab Mon Sep 17 00:00:00 2001 From: Jurgens du Toit Date: Sun, 9 Jun 2024 13:08:04 +0200 Subject: [PATCH] chore: Simpler secret setup --- lib/ditty/tasks/ditty.rake | 10 ++++++---- lib/ditty/templates/config.ru | 20 ++++++++++++++------ lib/ditty/templates/views/display.haml.tt | 3 +-- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/lib/ditty/tasks/ditty.rake b/lib/ditty/tasks/ditty.rake index 0dc6bab..f48b1e3 100644 --- a/lib/ditty/tasks/ditty.rake +++ b/lib/ditty/tasks/ditty.rake @@ -11,14 +11,16 @@ namespace :ditty do end desc 'Prepare Ditty' - task prep: ['generate_tokens', 'prep:folders', 'prep:public', 'prep:migrations'] + task prep: ['prep:folders', 'generate_tokens', 'prep:public', 'prep:migrations'] desc 'Generate the needed tokens' task :generate_tokens do puts 'Generating the Ditty tokens' + require 'securerandom' - File.write('.session_secret', SecureRandom.random_bytes(40)) unless File.file?('.session_secret') - File.write('.token_secret', SecureRandom.random_bytes(40)) unless File.file?('.token_secret') + unless File.file?('.session_secret') || ENV.fetch('SECRET_SEED', nil) + File.write('./config/.secret_seed', SecureRandom.random_bytes(40)) + end end desc 'Seed the Ditty database' @@ -116,7 +118,7 @@ namespace :ditty do puts "** [ditty] Running Ditty Migrations to #{args[:version]}" ::Sequel.extension :migration - ::Sequel::Migrator.run(::DB, folder, target: args[:version].to_i) + ::Sequel::Migrator.run(::DB, folder, target: args[:version]) end desc 'Migrate Ditty database to latest version' diff --git a/lib/ditty/templates/config.ru b/lib/ditty/templates/config.ru index 6b4878f..d75cf07 100644 --- a/lib/ditty/templates/config.ru +++ b/lib/ditty/templates/config.ru 
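Review bot: The guard in `generate_tokens` still tests the legacy `.session_secret` path rather than the file it writes, so on an install without that file every `prep` run overwrites `config/.secret_seed` and invalidates all existing sessions, while an install that does have `.session_secret` gets no seed and the new `config.ru` raises at boot unless `SECRET_SEED` is set. The seed is also written in text mode with whatever the process umask allows. I would change the two lines to `unless File.file?('./config/.secret_seed') || ENV.fetch('SECRET_SEED', nil)` and `File.write('./config/.secret_seed', SecureRandom.random_bytes(40), mode: 'wb', perm: 0o600)`. `.token_secret` is no longer generated; whether anything still reads it is not visible in this patch.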
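Review bot: Rake task arguments arrive as strings, so with `.to_i` removed in the second `ditty.rake` hunk, `Sequel::Migrator.run` now receives a String (or nil when no version is given) as `target:`. If the migrator compares the target against integer migration versions, as I understand integer-numbered migrations to work, that will raise or miscompare. If the aim was to stop a missing argument from becoming version 0, which is a full rollback, an explicit conversion keeps that protection: `target: args[:version] && Integer(args[:version], 10)`. The task body starts outside the hunk.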
@@ -4,23 +4,31 @@ require 'dotenv/load' # Last Gasp Effort to catch the error require 'ditty/middleware/error_catchall' -use ::Ditty::Middleware::ErrorCatchall if ENV['APP_ENV'] == 'production' +use Ditty::Middleware::ErrorCatchall if ENV['APP_ENV'] == 'production' require 'rack/static' use Rack::Static, urls: ['/favicon.ico', '/js/', '/images/', '/css/'], root: 'public' # Session +secret = if ENV.fetch('SECRET_SEED', nil) + Base64.decode64(ENV.fetch('SECRET_SEED')) +elsif File.exist?('config/.secret_seed') + File.read('config/.secret_seed') +else + raise 'No secret seed set up yet' +end use Rack::Session::Cookie, key: '_Ditty_session', path: '/', - # :secure=>!TEST_MODE, # Uncomment if only allowing https:// access - secret: File.read('.session_secret') + secure: ENV.fetch('APP_ENV', 'development') == 'production', + secret: secret require './application' + require 'ditty/services/authentication' use OmniAuth::Builder do - ::Ditty::Services::Authentication.providers.each do |prov| - provider prov, *::Ditty::Services::Authentication.config[prov][:arguments] + Ditty::Services::Authentication.providers.each do |prov| + provider prov, *Ditty::Services::Authentication.config[prov][:arguments] end end @@ -33,5 +41,5 @@ map '/' do require 'rack/content_type' use Rack::ContentType - run Rack::URLMap.new ::Ditty::Components.routes + run Rack::URLMap.new Ditty::Components.routes end diff --git a/lib/ditty/templates/views/display.haml.tt b/lib/ditty/templates/views/display.haml.tt index 6958c9c..b371b6b 100644 --- a/lib/ditty/templates/views/display.haml.tt +++ b/lib/ditty/templates/views/display.haml.tt @@ -15,6 +15,5 @@ %a.btn.btn-secondary{ href: "#{base_path}/#{entity.display_id}/edit" } Edit .col-md-6.text-right - if policy(entity).delete? - = delete_form_tag("#{base_path}/#{entity.display_id}") do - %button.btn.btn-warning{ type: 'submit' } Delete + = delete_form(entity) .col-md-2
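Review bot: `Base64.decode64` in the new `secret =` block is lenient: it drops characters outside the alphabet and returns whatever is left, so a mistyped or truncated `SECRET_SEED` yields a short or empty session secret instead of an error. `Base64.strict_decode64(ENV.fetch('SECRET_SEED'))` raises on malformed input, and a length check such as `raise 'Secret seed too short' if secret.bytesize < 40` (40 being what `generate_tokens` writes) would also catch an empty seed file. No `require 'base64'` is visible in this hunk and the file's first three lines are outside it, so confirm it is loaded, since recent Ruby versions no longer ship base64 as a default gem. Reading the file with `File.binread('config/.secret_seed')` would match the raw bytes the rake task writes.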