diff --git a/core/lib/Cargo.toml b/core/lib/Cargo.toml
index 072a5032..534662eb 100644
--- a/core/lib/Cargo.toml
+++ b/core/lib/Cargo.toml
@@ -34,6 +34,7 @@ state = "0.4.1"
 time = "0.1"
 memchr = "2" # TODO: Use pear instead.
 base64 = "0.10"
+base16 = "0.2"
 pear = "0.1"
 atty = "0.2"
diff --git a/core/lib/src/config/config.rs b/core/lib/src/config/config.rs
index 1bcc6120..ff05960e 100644
--- a/core/lib/src/config/config.rs
+++ b/core/lib/src/config/config.rs
@@ -10,7 +10,7 @@ use crate::config::{Table, Value, Array, Datetime};
 use crate::http::private::Key;
 use super::custom_values::*;
-use {num_cpus, base64};
+use {num_cpus, base16, base64};
 /// Structure for Rocket application configuration.
 ///
@@ -298,7 +298,7 @@ impl Config {
 /// * **workers**: Integer (16-bit unsigned)
 /// * **keep_alive**: Integer
 /// * **log**: String
- /// * **secret_key**: String (256-bit base64)
+ /// * **secret_key**: String (256-bit base64 or base16)
 /// * **tls**: Table (`certs` (path as String), `key` (path as String))
 pub(crate) fn set_raw(&mut self, name: &str, val: &Value) -> Result<()> {
 let (id, ok) = (|val| val, |_| Ok(()));
@@ -423,11 +423,11 @@ impl Config {
 }
 /// Sets the `secret_key` in `self` to `key` which must be a 256-bit base64
- /// encoded string.
+ /// or base16 encoded string.
 ///
 /// # Errors
 ///
- /// If `key` is not a valid 256-bit base64 encoded string, returns a
+ /// If `key` is not a valid 256-bit encoded string, returns a
 /// `BadType` error.
 ///
 /// # Example
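Review bot: The `# Errors` paragraph in the `@@ -423` hunk now reads "a valid 256-bit encoded string", which no longer names the accepted encodings, while the summary line above it and the error text built in `set_secret_key` both say base64 or base16. I would keep the three aligned with ``/// If `key` is not a valid 256-bit base64 or base16 encoded string, returns a``. Since this is the API that installs the application's secret key, the rustdoc could also carry the guide's wording that the value should be random, for example `/// The key should be 256 bits of randomly generated data.`. The doc comment continues past the end of this hunk.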
@@ -438,20 +438,31 @@ impl Config {
 /// let mut config = Config::new(Environment::Staging);
 /// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
 /// assert!(config.set_secret_key(key).is_ok());
+ /// let key = "fe4c5b09a9ac372156e44ce133bc940685ef5e0394d6e9274aadacc21e4f2643";
+ /// assert!(config.set_secret_key(key).is_ok());
 /// assert!(config.set_secret_key("hello? anyone there?").is_err());
 /// ```
 pub fn set_secret_key>(&mut self, key: K) -> Result<()> {
 let key = key.into();
 let error = self.bad_type("secret_key", "string",
- "a 256-bit base64 encoded string");
+ "a 256-bit base16 or base64 encoded string");
- if key.len() != 44 {
- return Err(error);
- }
-
- let bytes = match base64::decode(&key) {
- Ok(bytes) => bytes,
- Err(_) => return Err(error)
+ let bytes = match key.len() {
+ 44 => {
+ match base64::decode(&key) {
+ Ok(bytes) => bytes,
+ Err(_) => return Err(error)
+ }
+ }
+ 64 => {
+ match base16::decode(&key) {
+ Ok(bytes) => bytes,
+ Err(_) => return Err(error)
+ }
+ }
+ _ => {
+ return Err(error)
+ }
 };
 self.secret_key = SecretKey::Provided(Key::from_master(&bytes));
diff --git a/site/guide/9-configuration.md b/site/guide/9-configuration.md
index 5693acdd..585d8148 100644
--- a/site/guide/9-configuration.md
+++ b/site/guide/9-configuration.md
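Review bot: The new `match key.len()` in `set_secret_key` picks the decoder from the string length but never checks the decoded length, so `bytes` is not guaranteed to be 32 bytes before it reaches `Key::from_master(&bytes)`. The 64-character hex arm always yields 32 bytes, but 44 base64 characters decode to 31, 32 or 33 bytes depending on whether the input ends in `==`, `=` or no padding; this gap predates the commit, and how `from_master` treats other lengths is not visible here. I would add `if bytes.len() != 32 { return Err(error); }` directly after the match so that both encodings are held to the documented 256 bits. The doc test covers one valid hex key; asserting `is_err()` for a 64-character non-hex string and for a 44-character string with `==` padding would pin the rejection paths. The function body ends outside this hunk.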
@@ -92,9 +92,9 @@ limits = { forms = 32768 } The `workers` and `secret_key` default parameters are computed by Rocket automatically; the values above are not valid TOML syntax. When manually specifying the number of workers, the value should be an integer: `workers = -10`. When manually specifying the secret key, the value should a 256-bit base64 -encoded string. Such a string can be generated using a tool such as openssl: -`openssl rand -base64 32`. +10`. When manually specifying the secret key, the value should a random 256-bit +value, encoded as a base64 or base16 string. Such a string can be generated +using a tool like openssl: `openssl rand -base64 32`. The "global" pseudo-environment can be used to set and/or override configuration parameters globally. A parameter defined in a `[global]` table sets, or