Ver a proveniência
Ensure the app does not even start if OTP_SECRET is not set (#6557 )
* Ensure the app does not even start if OTP_SECRET is not set
* Remove PAPERCLIP_SECRET (it's not used by anything, actually)
Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
master
Eugen Rochko
há 6 anos
committed by
GitHub
ascendente
cometimento
5cc716688a
Não foi encontrada uma chave conhecida para esta assinatura, na base de dados
ID da chave GPG: 4AEE18F83AFDEB23
4 ficheiros alterados com
3 adições e
4 eliminações
.env.production.sample
app/models/import.rb
app/models/user.rb
lib/tasks/mastodon.rake
@@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
# Application secrets
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=
@@ -26,7 +26,7 @@ class Import < ApplicationRecord
validates :type, presence: true
has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
has_attached_file :data
validates_attachment_content_type :data, content_type: FILE_TYPES
validates_attachment_presence :data
end
@@ -44,7 +44,7 @@ class User < ApplicationRecord
ACTIVE_DURATION = 14.days
devise :two_factor_authenticatable,
otp_secret_encryption_key: ENV['OTP_SECRET']
otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
devise :two_factor_backupable,
otp_number_of_backup_codes: 10
@@ -23,7 +23,7 @@ namespace :mastodon do
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
%w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
%w(SECRET_KEY_BASE OTP_SECRET).each do |key|
env[key] = SecureRandom.hex(64)
end