Config: Mandatory hmac key (#3955)

This commit is contained in:
Samantaz Fox 2023-07-01 21:33:45 +02:00
commit 9060cc4e53
No known key found for this signature in database
GPG Key ID: F42821059186176E
3 changed files with 19 additions and 4 deletions

View File

@ -455,13 +455,17 @@ jobs:
#use_pubsub_feeds: false #use_pubsub_feeds: false
## ##
## HMAC signing key used for CSRF tokens and pubsub ## HMAC signing key used for CSRF tokens, cookies and pubsub
## subscriptions verification. ## subscriptions verification.
## ##
## Note: This parameter is mandatory and should be a random string.
## Such random string can be generated on linux with the following
## command: `pwdgen 20 1`
##
## Accepted values: a string ## Accepted values: a string
## Default: <none> ## Default: <none>
## ##
#hmac_key: hmac_key: "CHANGE_ME!!"
## ##
## List of video IDs where the "download" widget must be ## List of video IDs where the "download" widget must be

View File

@ -30,6 +30,7 @@ services:
# domain: # domain:
# https_only: false # https_only: false
# statistics_enabled: false # statistics_enabled: false
hmac_key: "CHANGE_ME!!"
healthcheck: healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s interval: 30s

View File

@ -85,7 +85,7 @@ class Config
# Used to tell Invidious it is behind a proxy, so links to resources should be https:// # Used to tell Invidious it is behind a proxy, so links to resources should be https://
property https_only : Bool? property https_only : Bool?
# HMAC signing key for CSRF tokens and verifying pubsub subscriptions # HMAC signing key for CSRF tokens and verifying pubsub subscriptions
property hmac_key : String? property hmac_key : String = ""
# Domain to be used for links to resources on the site where an absolute URL is required # Domain to be used for links to resources on the site where an absolute URL is required
property domain : String? property domain : String?
# Subscribe to channels using PubSubHubbub (requires domain, hmac_key) # Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
@ -204,6 +204,16 @@ class Config
end end
{% end %} {% end %}
# HMAC_key is mandatory
# See: https://github.com/iv-org/invidious/issues/3854
if config.hmac_key.empty?
puts "Config: 'hmac_key' is required/can't be empty"
exit(1)
elsif config.hmac_key == "CHANGE_ME!!"
puts "Config: The value of 'hmac_key' needs to be changed!!"
exit(1)
end
# Build database_url from db.* if it's not set directly # Build database_url from db.* if it's not set directly
if config.database_url.to_s.empty? if config.database_url.to_s.empty?
if db = config.db if db = config.db
@ -216,7 +226,7 @@ class Config
path: db.dbname, path: db.dbname,
) )
else else
puts "Config : Either database_url or db.* is required" puts "Config: Either database_url or db.* is required"
exit(1) exit(1)
end end
end end