use secure default session secret

2023-03-17 18:27:13 +00:00 · 2023-03-17 18:27:13 +00:00 · b0d8d5c20d
parent 174feea1b5
commit b0d8d5c20d
2 changed files with 7 additions and 2 deletions
--- a/server/src/auth0.ts
+++ b/server/src/auth0.ts
@ -1,10 +1,13 @@
 import crypto from 'crypto';
 import { auth, ConfigParams } from 'express-openid-connect';
 import ChatServer from './index';
 const secret = process.env.AUTH_SECRET || crypto.randomBytes(32).toString('hex');
 const config: ConfigParams = {
    authRequired: false,
    auth0Logout: false,
-    secret: process.env.AUTH_SECRET || 'keyboard cat',
+    secret,
    baseURL: process.env.PUBLIC_URL,
    clientID: process.env.AUTH0_CLIENT_ID,
    issuerBaseURL: process.env.AUTH0_ISSUER,
--- a/server/src/passport.ts
+++ b/server/src/passport.ts
@ -5,6 +5,8 @@ import createSQLiteSessionStore from 'connect-sqlite3';
 import { Strategy as LocalStrategy } from 'passport-local';
 import ChatServer from './index';
 const secret = process.env.AUTH_SECRET || crypto.randomBytes(32).toString('hex');
 export function configurePassport(context: ChatServer) {
    const SQLiteStore = createSQLiteSessionStore(session);
    const sessionStore = new SQLiteStore({ db: 'sessions.db' });
@ -42,7 +44,7 @@ export function configurePassport(context: ChatServer) {
    });
    context.app.use(session({
-        secret: process.env.AUTH_SECRET || 'keyboard cat',
+        secret,
        resave: false,
        saveUninitialized: false,
        store: sessionStore as any,