commit a229d5639ef84c3c7f2012688542b56f231e3bab
parent 32be3293511a53661a8259506a2a8382088d419c
Author: Vetle Haflan <vetle@haflan.dev>
Date: Sun, 12 Apr 2020 04:04:41 +0200
Remove securecookie keys from config
I'm pretty sure gorilla/sessions use securecookies behind the scenes,
so hopefully it does everything required (should research more)
Diffstat:
1 file changed, 0 insertions(+), 12 deletions(-)
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -15,8 +15,6 @@ var (
keyPassHash = []byte("passhash")
keyPageTitle = []byte("pagetitle")
- keySCHashKey = []byte("schashkey") // Secure cookie hash key
- keySCBlockKey = []byte("blockkey") // Secure cookie block key
keySessionKey = []byte("sessionkey") // Session key
keyCSRFKey = []byte("csrfkey") // CSRF protection auth key
)
@@ -25,8 +23,6 @@ var (
type Config struct {
PassHash []byte
PageTitle []byte
- SCHashKey []byte
- SCBlockKey []byte
SessionKey []byte
CSRFKey []byte
}
@@ -40,8 +36,6 @@ func GetConfig() (config *Config) {
config = &Config{
PassHash: b.Get(keyPassHash),
PageTitle: b.Get(keyPageTitle),
- SCHashKey: b.Get(keySCHashKey),
- SCBlockKey: b.Get(keySCBlockKey),
SessionKey: b.Get(keySessionKey),
CSRFKey: b.Get(keyCSRFKey),
}
@@ -70,8 +64,6 @@ func InitConfig() {
// TODO: Maybe bcrypt is overkill for such a small project? Consider later
passhash, err := bcrypt.GenerateFromPassword(defaultPassPhrase, bcrypt.DefaultCost)
- hashKey := securecookie.GenerateRandomKey(32)
- blockKey := securecookie.GenerateRandomKey(32)
sessionKey := securecookie.GenerateRandomKey(32)
CSRFKey := securecookie.GenerateRandomKey(32)
check(err)
@@ -82,10 +74,6 @@ func InitConfig() {
check(err)
err = b.Put(keyPageTitle, defaultPageTitle)
check(err)
- err = b.Put(keySCHashKey, hashKey)
- check(err)
- err = b.Put(keySCBlockKey, blockKey)
- check(err)
err = b.Put(keySessionKey, sessionKey)
check(err)
err = b.Put(keyCSRFKey, CSRFKey)
