rwf2
/
Rocket
mirror of https://github.com/rwf2/Rocket.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename 'session_key' config parameter to 'secret_key'. 

Resolves #220.
This commit is contained in:
Anton Pirker 2017-03-30 22:44:51 +02:00 committed by Sergio Benitez
parent 5e345e99d0
commit 781477fff1
8 changed files with 65 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -216,7 +216,7 @@ In addition to new features, Rocket saw the following smaller improvements:
* Clippy issues injected by codegen are resolved.
* Handlebars was updated to `0.25`.
* The `PartialEq` implementation of `Config` doesn't consider the path or
session key.
secret key.
* Hyper dependency updated to `0.10`.
* The `Error` type for `JSON as FromData` has been exposed as `SerdeError`.
* SVG was added as a known Content-Type.

6
examples/config/Rocket.toml
View File

@ -1,4 +1,4 @@
# Except for the session key, nothing here is necessary; Rocket has sane
# Except for the secret key, none of these are actually needed; Rocket has sane
# defaults. We show all of them here explicitly for demonstrative purposes.
[global.limits]
@ -20,7 +20,7 @@ port = 80
log = "normal"
workers = 8
# don't use this key! generate your own and keep it private!
session_key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg="
secret_key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg="
[production]
address = "0.0.0.0"
@ -28,4 +28,4 @@ port = 80
workers = 12
log = "critical"
# don't use this key! generate your own and keep it private!
session_key = "hPRYyVRiMyxpw5sBB1XeCMN1kFsDCqKvBi2QJxBVHQk="
secret_key = "hPRYyVRiMyxpw5sBB1XeCMN1kFsDCqKvBi2QJxBVHQk="

4
examples/session/Rocket.toml
View File

@ -1,7 +1,7 @@
[staging]
session_key = "itlYmFR2vYKrOmFhupMIn/hyB6lYCCTXz4yaQX89XVg="
secret_key = "itlYmFR2vYKrOmFhupMIn/hyB6lYCCTXz4yaQX89XVg="
address = "localhost"
port = 8000
[production]
session_key = "itlYmFR2vYKrOmFhupMIn/hyB6lYCCTXz4yaQX89XVg="
secret_key = "itlYmFR2vYKrOmFhupMIn/hyB6lYCCTXz4yaQX89XVg="

22
lib/src/config/builder.rs
View File

@ -18,8 +18,8 @@ pub struct ConfigBuilder {
pub workers: u16,
/// How much information to log.
pub log_level: LoggingLevel,
/// The session key.
pub session_key: Option<String>,
/// The secret key.
pub secret_key: Option<String>,
/// TLS configuration (path to certificates file, path to private key file).
pub tls: Option<(String, String)>,
/// Size limits.
@ -66,7 +66,7 @@ impl ConfigBuilder {
port: config.port,
workers: config.workers,
log_level: config.log_level,
session_key: None,
secret_key: None,
tls: None,
limits: config.limits,
extras: config.extras,
@ -150,7 +150,7 @@ impl ConfigBuilder {
self
}
/// Sets the `session_key` in the configuration being built.
/// Sets the `secret_key` in the configuration being built.
///
/// # Example
///
@ -160,11 +160,11 @@ impl ConfigBuilder {
///
/// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
/// let mut config = Config::build(Environment::Staging)
/// .session_key(key)
/// .secret_key(key)
/// .unwrap();
/// ```
pub fn session_key<K: Into<String>>(mut self, key: K) -> Self {
self.session_key = Some(key.into());
pub fn secret_key<K: Into<String>>(mut self, key: K) -> Self {
self.secret_key = Some(key.into());
self
}
@ -271,7 +271,7 @@ impl ConfigBuilder {
/// # Errors
///
/// If the current working directory cannot be retrieved, returns a `BadCWD`
/// error. If the address or session key fail to parse, returns a `BadType`
/// error. If the address or secret key fail to parse, returns a `BadType`
/// error.
///
/// # Example
@ -307,8 +307,8 @@ impl ConfigBuilder {
config.set_tls(&certs_path, &key_path)?;
}
if let Some(key) = self.session_key {
config.set_session_key(key)?;
if let Some(key) = self.secret_key {
config.set_secret_key(key)?;
}
Ok(config)
@ -319,7 +319,7 @@ impl ConfigBuilder {
/// # Panics
///
/// Panics if the current working directory cannot be retrieved or if the
/// supplied address or session key fail to parse.
/// supplied address or secret key fail to parse.
///
/// # Example
///

40
lib/src/config/config.rs
View File

@ -40,8 +40,8 @@ pub struct Config {
pub workers: u16,
/// How much information to log.
pub log_level: LoggingLevel,
/// The session key.
pub(crate) session_key: SessionKey,
/// The secret key.
pub(crate) secret_key: SecretKey,
/// TLS configuration.
pub(crate) tls: Option<TlsConfig>,
/// Streaming read size limits.
@ -131,8 +131,8 @@ impl Config {
// Note: This may truncate if num_cpus::get() > u16::max. That's okay.
let default_workers = ::std::cmp::max(num_cpus::get(), 2) as u16;
// Use a generated session key by default.
let key = SessionKey::Generated(Key::generate());
// Use a generated secret key by default.
let key = SecretKey::Generated(Key::generate());
Ok(match env {
Development => {
@ -142,7 +142,7 @@ impl Config {
port: 8000,
workers: default_workers,
log_level: LoggingLevel::Normal,
session_key: key,
secret_key: key,
tls: None,
limits: Limits::default(),
extras: HashMap::new(),
@ -156,7 +156,7 @@ impl Config {
port: 80,
workers: default_workers,
log_level: LoggingLevel::Normal,
session_key: key,
secret_key: key,
tls: None,
limits: Limits::default(),
extras: HashMap::new(),
@ -170,7 +170,7 @@ impl Config {
port: 80,
workers: default_workers,
log_level: LoggingLevel::Critical,
session_key: key,
secret_key: key,
tls: None,
limits: Limits::default(),
extras: HashMap::new(),
@ -192,7 +192,7 @@ impl Config {
}
/// Sets the configuration `val` for the `name` entry. If the `name` is one
/// of "address", "port", "session_key", "log", or "workers" (the "default"
/// of "address", "port", "secret_key", "log", or "workers" (the "default"
/// values), the appropriate value in the `self` Config structure is set.
/// Otherwise, the value is stored as an `extra`.
///
@ -204,7 +204,7 @@ impl Config {
/// * **port**: Integer (16-bit unsigned)
/// * **workers**: Integer (16-bit unsigned)
/// * **log**: String
/// * **session_key**: String (192-bit base64)
/// * **secret_key**: String (192-bit base64)
/// * **tls**: Table (`certs` (path as String), `key` (path as String))
pub(crate) fn set_raw(&mut self, name: &str, val: &Value) -> Result<()> {
let (id, ok) = (|val| val, |_| Ok(()));
@ -212,7 +212,7 @@ impl Config {
address => (str, set_address, id),
port => (u16, set_port, ok),
workers => (u16, set_workers, ok),
session_key => (str, set_session_key, id),
secret_key => (str, set_secret_key, id),
log => (log_level, set_log_level, ok),
tls => (tls_config, set_raw_tls, id),
limits => (limits, set_limits, ok)
@ -313,7 +313,7 @@ impl Config {
self.workers = workers;
}
/// Sets the `session_key` in `self` to `key` which must be a 192-bit base64
/// Sets the `secret_key` in `self` to `key` which must be a 192-bit base64
/// encoded string.
///
/// # Errors
@ -330,14 +330,14 @@ impl Config {
/// # fn config_test() -> Result<(), ConfigError> {
/// let mut config = Config::new(Environment::Staging)?;
/// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
/// assert!(config.set_session_key(key).is_ok());
/// assert!(config.set_session_key("hello? anyone there?").is_err());
/// assert!(config.set_secret_key(key).is_ok());
/// assert!(config.set_secret_key("hello? anyone there?").is_err());
/// # Ok(())
/// # }
/// ```
pub fn set_session_key<K: Into<String>>(&mut self, key: K) -> Result<()> {
pub fn set_secret_key<K: Into<String>>(&mut self, key: K) -> Result<()> {
let key = key.into();
let error = self.bad_type("session_key", "string",
let error = self.bad_type("secret_key", "string",
"a 256-bit base64 encoded string");
if key.len() != 44 {
@ -349,7 +349,7 @@ impl Config {
Err(_) => return Err(error)
};
self.session_key = SessionKey::Provided(Key::from_master(&bytes));
self.secret_key = SecretKey::Provided(Key::from_master(&bytes));
Ok(())
}
@ -478,10 +478,10 @@ impl Config {
self.extras.iter().map(|(k, v)| (k.as_str(), v))
}
/// Retrieves the session key from `self`.
/// Retrieves the secret key from `self`.
#[inline]
pub(crate) fn session_key(&self) -> &Key {
self.session_key.inner()
pub(crate) fn secret_key(&self) -> &Key {
self.secret_key.inner()
}
/// Attempts to retrieve the extra named `name` as a string.
@ -668,7 +668,7 @@ impl fmt::Debug for Config {
}
}
/// Doesn't consider the session key or config path.
/// Doesn't consider the secret key or config path.
impl PartialEq for Config {
fn eq(&self, other: &Config) -> bool {
self.address == other.address

14
lib/src/config/custom_values.rs
View File

@ -7,24 +7,24 @@ use config::{Result, Config, Value, ConfigError};
use http::Key;
#[derive(Clone)]
pub enum SessionKey {
pub enum SecretKey {
Generated(Key),
Provided(Key)
}
impl SessionKey {
#[inline(always)]
impl SecretKey {
#[inline]
pub fn kind(&self) -> &'static str {
match *self {
SessionKey::Generated(_) => "generated",
SessionKey::Provided(_) => "provided",
SecretKey::Generated(_) => "generated",
SecretKey::Provided(_) => "provided",
}
}
#[inline(always)]
#[inline]
pub(crate) fn inner(&self) -> &Key {
match *self {
SessionKey::Generated(ref key) | SessionKey::Provided(ref key) => key
SecretKey::Generated(ref key) | SecretKey::Provided(ref key) => key
}
}
}

38
lib/src/config/mod.rs
View File

@ -40,8 +40,8 @@
//! * examples: `12`, `1`, `4`
//! * **log**: _[string]_ how much information to log; one of `"normal"`,
//! `"debug"`, or `"critical"`
//! * **session_key**: _[string]_ a 256-bit base64 encoded string (44
//! characters) to use as the session key
//! * **secret_key**: _[string]_ a 256-bit base64 encoded string (44
//! characters) to use as the secret key
//! * example: `"8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg="`
//! * **tls**: _[table]_ a table with two keys: 1) `certs`: _[string]_ a path
//! to a certificate chain in PEM format, and 2) `key`: _[string]_ a path to a
@ -71,7 +71,7 @@
//! port = 8000
//! workers = max(number_of_cpus, 2)
//! log = "normal"
//! session_key = [randomly generated at launch]
//! secret_key = [randomly generated at launch]
//! limits = { forms = 32768 }
//!
//! [staging]
@ -79,7 +79,7 @@
//! port = 80
//! workers = max(number_of_cpus, 2)
//! log = "normal"
//! session_key = [randomly generated at launch]
//! secret_key = [randomly generated at launch]
//! limits = { forms = 32768 }
//!
//! [production]
@ -87,14 +87,14 @@
//! port = 80
//! workers = max(number_of_cpus, 2)
//! log = "critical"
//! session_key = [randomly generated at launch]
//! secret_key = [randomly generated at launch]
//! limits = { forms = 32768 }
//! ```
//!
//! The `workers` and `session_key` default parameters are computed by Rocket
//! The `workers` and `secret_key` default parameters are computed by Rocket
//! automatically; the values above are not valid TOML syntax. When manually
//! specifying the number of workers, the value should be an integer: `workers =
//! 10`. When manually specifying the session key, the value should a 256-bit
//! 10`. When manually specifying the secret key, the value should a 256-bit
//! base64 encoded string. Such a string can be generated with the `openssl`
//! command line tool: `openssl rand -base64 32`.
//!
@ -634,7 +634,7 @@ mod test {
port = 7810
workers = 21
log = "critical"
session_key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg="
secret_key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg="
template_dir = "mine"
json = true
pi = 3.14
@ -645,7 +645,7 @@ mod test {
.port(7810)
.workers(21)
.log_level(LoggingLevel::Critical)
.session_key("8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=")
.secret_key("8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=")
.extra("template_dir", "mine")
.extra("json", true)
.extra("pi", 3.14);
@ -971,49 +971,49 @@ mod test {
}
#[test]
fn test_good_session_key() {
fn test_good_secret_key() {
// Take the lock so changing the environment doesn't cause races.
let _env_lock = ENV_LOCK.lock().unwrap();
env::set_var(CONFIG_ENV, "stage");
check_config!(RocketConfig::parse(r#"
[stage]
session_key = "TpUiXK2d/v5DFxJnWL12suJKPExKR8h9zd/o+E7SU+0="
secret_key = "TpUiXK2d/v5DFxJnWL12suJKPExKR8h9zd/o+E7SU+0="
"#.to_string(), TEST_CONFIG_FILENAME), {
default_config(Staging).session_key(
default_config(Staging).secret_key(
"TpUiXK2d/v5DFxJnWL12suJKPExKR8h9zd/o+E7SU+0="
)
});
check_config!(RocketConfig::parse(r#"
[stage]
session_key = "jTyprDberFUiUFsJ3vcb1XKsYHWNBRvWAnXTlbTgGFU="
secret_key = "jTyprDberFUiUFsJ3vcb1XKsYHWNBRvWAnXTlbTgGFU="
"#.to_string(), TEST_CONFIG_FILENAME), {
default_config(Staging).session_key(
default_config(Staging).secret_key(
"jTyprDberFUiUFsJ3vcb1XKsYHWNBRvWAnXTlbTgGFU="
)
});
}
#[test]
fn test_bad_session_key() {
fn test_bad_secret_key() {
// Take the lock so changing the environment doesn't cause races.
let _env_lock = ENV_LOCK.lock().unwrap();
env::remove_var(CONFIG_ENV);
assert!(RocketConfig::parse(r#"
[dev]
session_key = true
secret_key = true
"#.to_string(), TEST_CONFIG_FILENAME).is_err());
assert!(RocketConfig::parse(r#"
[dev]
session_key = 1283724897238945234897
secret_key = 1283724897238945234897
"#.to_string(), TEST_CONFIG_FILENAME).is_err());
assert!(RocketConfig::parse(r#"
[dev]
session_key = "abcv"
secret_key = "abcv"
"#.to_string(), TEST_CONFIG_FILENAME).is_err());
}
@ -1034,7 +1034,7 @@ mod test {
assert!(RocketConfig::parse(r#"
[dev]
session_key = "abcv" = other
secret_key = "abcv" = other
"#.to_string(), TEST_CONFIG_FILENAME).is_err());
}

4
lib/src/rocket.rs
View File

@ -218,7 +218,7 @@ impl Rocket {
info!("{}:", request);
// Inform the request about all of the precomputed state.
request.set_preset_state(&self.config.session_key(), &self.state);
request.set_preset_state(&self.config.secret_key(), &self.state);
// Do a bit of preprocessing before routing; run the attached fairings.
self.preprocess_request(request, &data);
@ -393,7 +393,7 @@ impl Rocket {
info_!("port: {}", White.paint(&config.port));
info_!("log: {}", White.paint(config.log_level));
info_!("workers: {}", White.paint(config.workers));
info_!("session key: {}", White.paint(config.session_key.kind()));
info_!("secret key: {}", White.paint(config.secret_key.kind()));
info_!("limits: {}", White.paint(&config.limits));
let tls_configured = config.tls.is_some();