Add proper configuration #9
Great stuff, thanks 👍
Addressed all the comments. Thanks for the review!
| #[derive(serde::Deserialize, Clone)] | ||
| pub struct Config { | ||
| #[serde(rename = "secret_key")] | ||
| pub secret: String, |
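Review bot: `pub secret: String` is deserialized with no length or emptiness check visible in this struct, so a blank or very short `secret_key` would load without error. Suggest rejecting values below a minimum length right after the config is loaded, or deserializing into a small newtype that enforces it. Because the struct derives `Clone` and the field is `pub`, a wrapper type would also limit how many raw copies of the key circulate in the program.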
Is this even something that should be configuration? In my mind a secret key is more state than config. Also users can't really be trusted to put something with enough entropy here. Alternatively, I would suggest generating a random key on first startup, and storing it in the database.
Is this even something that should be configuration? In my mind a secret key is more state than config.
I think it's possibly a security risk to store the security in the database, no?
If somebody gets read access to the database (somehow), they'd immediately also have access to the secret key, making it easier to compromise the app. Although one could argue that if an attacker gains unauthorized access to the database, it's over anyways.
Anyways, this is unrelated to this PR, so merging this anyways.
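An added example, not code from this PR or project: one way to treat the key as generated state, as the first comment suggests, while keeping it out of the database, as the reply prefers. The state-file approach, `KEY_LEN`, the function names and the path in `main` are assumptions, and the code is Unix-only.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

/// Assumed key size: 32 bytes (256 bits).
pub const KEY_LEN: usize = 32;

fn random_key() -> io::Result<[u8; KEY_LEN]> {
    let mut key = [0u8; KEY_LEN];
    // OS CSPRNG, so the key's entropy does not depend on what a user types.
    File::open("/dev/urandom")?.read_exact(&mut key)?;
    Ok(key)
}

pub fn load_or_create_key(path: &Path) -> io::Result<[u8; KEY_LEN]> {
    // Draw the key before touching the disk so an RNG failure leaves no empty file.
    let key = random_key()?;
    // create_new is atomic: only the first startup creates the file.
    // Mode 0600 keeps it readable by the service account only.
    let created = OpenOptions::new().write(true).create_new(true).mode(0o600).open(path);
    match created {
        Ok(mut f) => {
            f.write_all(&key)?;
            f.sync_all()?;
            Ok(key)
        }
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => {
            // Later startups reuse the stored key and reject a damaged file.
            let bytes = fs::read(path)?;
            if bytes.len() != KEY_LEN {
                return Err(io::Error::new(io::ErrorKind::InvalidData, "key file has wrong length"));
            }
            let mut stored = [0u8; KEY_LEN];
            stored.copy_from_slice(&bytes);
            Ok(stored)
        }
        Err(e) => Err(e),
    }
}

fn main() -> io::Result<()> {
    // Hypothetical location; a real service would use its own state directory.
    let path = std::env::temp_dir().join("example_app_secret.key");
    let key = load_or_create_key(&path)?;
    println!("loaded {}-byte key from {}", key.len(), path.display());
    Ok(())
}
```

A truncated or tampered key file makes startup fail rather than silently rotating the key, which would invalidate anything signed with the old one.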
Fixed some oversights and renamed Thanks again!
Removed the dotenvor crate in favor of proper toml configuration, using the config crate. Existing behaviour is completely unchanged. I also updated the readme and compose examples.