Config: Mandatory hmac key (#3955)

This commit is contained in:
Samantaz Fox 2023-07-01 21:33:45 +02:00
commit 9060cc4e53
No known key found for this signature in database
GPG key ID: F42821059186176E
3 changed files with 19 additions and 4 deletions

View file

@ -455,13 +455,17 @@ jobs:
#use_pubsub_feeds: false
##
## HMAC signing key used for CSRF tokens and pubsub
## HMAC signing key used for CSRF tokens, cookies and pubsub
## subscriptions verification.
##
## Note: This parameter is mandatory and should be a random string.
## Such random string can be generated on linux with the following
## command: `pwdgen 20 1`
##
## Accepted values: a string
## Default: <none>
##
#hmac_key:
hmac_key: "CHANGE_ME!!"
##
## List of video IDs where the "download" widget must be

View file

@ -30,6 +30,7 @@ services:
# domain:
# https_only: false
# statistics_enabled: false
hmac_key: "CHANGE_ME!!"
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s

View file

@ -85,7 +85,7 @@ class Config
# Used to tell Invidious it is behind a proxy, so links to resources should be https://
property https_only : Bool?
# HMAC signing key for CSRF tokens and verifying pubsub subscriptions
property hmac_key : String?
property hmac_key : String = ""
# Domain to be used for links to resources on the site where an absolute URL is required
property domain : String?
# Subscribe to channels using PubSubHubbub (requires domain, hmac_key)
@ -204,6 +204,16 @@ class Config
end
{% end %}
# HMAC_key is mandatory
# See: https://github.com/iv-org/invidious/issues/3854
if config.hmac_key.empty?
puts "Config: 'hmac_key' is required/can't be empty"
exit(1)
elsif config.hmac_key == "CHANGE_ME!!"
puts "Config: The value of 'hmac_key' needs to be changed!!"
exit(1)
end
# Build database_url from db.* if it's not set directly
if config.database_url.to_s.empty?
if db = config.db