3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-09 23:27:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: generate cookie secret if not set in all-in-one mode (#3742)

Browse source 
* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* breakup lines
This commit is contained in:
Caleb Doxsey 2022-11-11 14:14:30 -07:00 committed by GitHub
parent 2c9087f5e7
commit 9413123c0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 111 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

11
config/options.go
View file

@ -985,7 +985,7 @@ func (o *Options) GetSharedKey() ([]byte, error) {
sharedKey = string(bs)
}
// mutual auth between services on the same host can be generated at runtime
if IsAll(o.Services) && o.SharedKey == "" && o.DataBrokerStorageType == StorageInMemoryName {
if IsAll(o.Services) && sharedKey == "" {
sharedKey = randomSharedKey
}
if sharedKey == "" {
@ -1188,6 +1188,15 @@ func (o *Options) GetCookieSecret() ([]byte, error) {
}
cookieSecret = string(bs)
}
if IsAll(o.Services) && cookieSecret == "" {
log.WarnCookieSecret()
cookieSecret = randomSharedKey
}
if cookieSecret == "" {
return nil, errors.New("empty cookie secret")
}
return base64.StdEncoding.DecodeString(cookieSecret)
}