authorSamantaz Fox <coding@samantaz.fr>2023-07-01 21:33:45 +0200
committerSamantaz Fox <coding@samantaz.fr>2023-07-01 21:33:45 +0200
commit9060cc4e53eb5441dd36a6564548fac14b278d8e (patch)
tree94d8a986d5eceafec359b6a571d0fdec6aba5b9e
parent75c4c0b349cfa7bb9904824b268bc930911399da (diff)
parente2a6f5ddf26f7fca4ffe9be867dd15a3ed5f73b0 (diff)
downloadinvidious-9060cc4e53eb5441dd36a6564548fac14b278d8e.tar.gz
invidious-9060cc4e53eb5441dd36a6564548fac14b278d8e.tar.bz2
invidious-9060cc4e53eb5441dd36a6564548fac14b278d8e.zip
Config: Mandatory hmac key (#3955)
-rw-r--r--config/config.example.yml8
-rw-r--r--docker-compose.yml1
-rw-r--r--src/invidious/config.cr14
3 files changed, 19 insertions, 4 deletions
diff --git a/config/config.example.yml b/config/config.example.yml
index c591eb6a..2da6e55e 100644
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -455,13 +455,17 @@ jobs:
#use_pubsub_feeds: false
##
-## HMAC signing key used for CSRF tokens and pubsub
+## HMAC signing key used for CSRF tokens, cookies and pubsub
## subscriptions verification.
##
+## Note: This parameter is mandatory and should be a random string.
+## Such random string can be generated on linux with the following
+## command: `pwdgen 20 1`
+##
## Accepted values: a string
## Default: <none>
##
-#hmac_key:
+hmac_key: "CHANGE_ME!!"
##
## List of video IDs where the "download" widget must be
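Review bot: The generator named in the added comment, `pwdgen 20 1`, looks like a misspelling of `pwgen`, so a user who copies it will most likely get a "command not found" error and may fall back to a hand-typed key. Since this key signs CSRF tokens and cookies, the comment should name a command that exists and produces fully random output, for example `pwgen -s 20 1` (`-s` requests random rather than pronounceable strings) or `openssl rand -hex 20`. It would also help to state here that the `CHANGE_ME!!` placeholder is rejected at startup, which the config.cr hunk of this commit enforces.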
diff --git a/docker-compose.yml b/docker-compose.yml
index eb83b020..6a854475 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,6 +30,7 @@ services:
# domain:
# https_only: false
# statistics_enabled: false
+ hmac_key: "CHANGE_ME!!"
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
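Review bot: The added `hmac_key: "CHANGE_ME!!"` line has no comment beside it, yet the config.cr hunk in this commit makes Invidious exit with status 1 while the key still has that value, so a compose deployment started unmodified will fail at startup. A one-line comment above it would make the requirement visible where people copy from, for example `# hmac_key is mandatory: replace with a random string before first start`. If this compose file is kept in version control, the same comment could remind operators not to commit the real key with it.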
diff --git a/src/invidious/config.cr b/src/invidious/config.cr
index 9fc58409..e5f1e822 100644
--- a/src/invidious/config.cr
+++ b/src/invidious/config.cr
@@ -85,7 +85,7 @@ class Config
# Used to tell Invidious it is behind a proxy, so links to resources should be https://
property https_only : Bool?
# HMAC signing key for CSRF tokens and verifying pubsub subscriptions
- property hmac_key : String?
+ property hmac_key : String = ""
# Domain to be used for links to resources on the site where an absolute URL is required
property domain : String?
# Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
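Review bot: The comment above the changed property still reads "CSRF tokens and verifying pubsub subscriptions", while the example config in this same commit now documents the key as covering cookies too. The two should agree, e.g. `# HMAC signing key for CSRF tokens, cookies and verifying pubsub subscriptions`. The new `= ""` default also deserves a word in that comment: the empty string is only a sentinel that the startup check added later in this file rejects, not a usable default. The Config class continues outside this hunk.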
@@ -204,6 +204,16 @@ class Config
end
{% end %}
+ # HMAC_key is mandatory
+ # See: https://github.com/iv-org/invidious/issues/3854
+ if config.hmac_key.empty?
+ puts "Config: 'hmac_key' is required/can't be empty"
+ exit(1)
+ elsif config.hmac_key == "CHANGE_ME!!"
+ puts "Config: The value of 'hmac_key' needs to be changed!!"
+ exit(1)
+ end
+
# Build database_url from db.* if it's not set directly
if config.database_url.to_s.empty?
if db = config.db
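Review bot: The new check rejects only the empty string and the literal `CHANGE_ME!!`, so a whitespace-only or one-character `hmac_key` still starts the server with a key that gives little protection to CSRF tokens and cookies. Consider tightening the first branch to `if config.hmac_key.strip.empty?` and adding a minimum-length branch such as `elsif config.hmac_key.size < 20`, where 20 is the length the example config suggests; existing deployments with shorter keys would need a migration note. Both messages are written with `puts`, which matches the neighbouring database_url error but sends a fatal configuration error to stdout rather than stderr. The enclosing method starts and ends outside this hunk.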
@@ -216,7 +226,7 @@ class Config
path: db.dbname,
)
else
- puts "Config : Either database_url or db.* is required"
+ puts "Config: Either database_url or db.* is required"
exit(1)
end
end