
make batteries require a secret

1 parent 0cae8f2 commit ce5b58722a8dac4f9077e67672ea581c2c10cac8 @nrstott committed Feb 21, 2014
@@ -153,7 +153,8 @@ function batteriesConfig(overrides) {
};
batteriesConfig.default = {
- directory: 'public'
+ directory: 'public',
+ session: {}
};
/**
@@ -182,6 +183,9 @@ middleware.batteries = function(config, nextApp) {
}
config = batteriesConfig(config);
+ if (config.secret) {
+ config.session.secret = config.secret;
+ }
if (!nextApp) {
throw 'Bogart batteries requires at least one parameter, a nextApp to execute to fulfill the request.'
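Review bot: The added `config.session.secret = config.secret` writes into whatever object `config.session` refers to, and with the `session: {}` default from the first hunk that may be the single object held on `batteriesConfig.default`; whether it is depends on how `batteriesConfig` merges, and its body is outside this hunk. If the object is shared, a secret set by one `batteries` call stays on the default and is silently inherited by a later call that passes none, which sidesteps the new required-secret check. The line also throws a TypeError when a caller overrides with `session: null`. Copying first avoids both, for example `config.session = Object.assign({}, config.session, { secret: config.secret });` on runtimes that provide `Object.assign`, or an equivalent manual copy.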
@@ -192,7 +196,7 @@ middleware.batteries = function(config, nextApp) {
middleware.directory(config.directory,
middleware.parted(config.parted || undefined,
middleware.methodOverride(
- middleware.session(config.session || undefined,
+ middleware.session(config.session,
middleware.flash(config.flash || undefined,
middleware.bodyAdapter(
middleware.stringReturnAdapter(nextApp)))))))));
@@ -7,7 +7,10 @@ var uuid = require("node-uuid"),
function CookieDataProvider(config) {
config = config || {};
config.lifetime = config.lifetime || DEFAULT_SESSION_LIFETIME;
- config.secret = config.secret || "2d5ff9be-0758-11e1-a2f5-000c290196f7";
+
+ if (!config.secret) {
+ throw new Error('CookieDataProvider `secret` is required: new CookieDataProvider({ secret: "my-super-secret" })');
+ }
this.encrypt = config.encrypt || security.encrypt;
this.decrypt = config.decrypt || security.decrypt;
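Review bot: The guard `if (!config.secret)` accepts any truthy value, so a number, an object or a one-character string gets through and is presumably handed to `encrypt` as the key; `if (typeof config.secret !== 'string' || config.secret.length === 0)` would reject the non-string cases at construction. The sample `"my-super-secret"` in the error text is likely to be pasted as-is, so wording that asks for a long random value would be safer. Deployments that relied on the removed fallback were protecting session cookies with a key published in the source, and their existing cookies will probably stop decrypting once a real secret is set, which deserves a changelog line. The constructor body continues past the end of this hunk.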
@@ -27,7 +27,7 @@ describe 'Cookie Data Provider', ->
decrypt.andReturn decryptedSessionData
cookieDataProvider = new CookieDataProvider({
- encryptionKey: encryptionKey,
+ secret: encryptionKey,
encrypt: encrypt,
decrypt: decrypt
});
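Review bot: None of the spec hunks exercises the new failure path; this one and the `session` and `batteries` hunks below only supply a `secret` so the existing cases keep passing. A case such as `expect(-> new CookieDataProvider({})).toThrow()` would pin the required-secret behaviour, and a matching one calling `bogart.middleware.batteries` without `secret` would show where that error surfaces for users of the bundled stack. The `describe` block starts and ends outside this hunk.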
@@ -353,7 +353,7 @@ describe 'session', ->
values = []
beforeEach ->
- sessionApp = bogart.middleware.session {}, (req) ->
+ sessionApp = bogart.middleware.session { secret: 'my-super-secret' }, (req) ->
req.session('foo', 'bar') if firstRequest
firstRequest = false
@@ -484,7 +484,7 @@ describe 'batteries', ->
beforeEach ->
spyOn bogart.middleware, 'directory'
- bogart.middleware.batteries({ directory: 'public' })((req) -> {})
+ bogart.middleware.batteries({ directory: 'public', secret: 'my-super-secret' })((req) -> {})
it 'should pass correct configuration to directory middleware', ->
expect(bogart.middleware.directory).toHaveBeenCalledWith 'public', jasmine.any(Function)

2 comments on commit ce5b587

Contributor

bennlich replied Sep 5, 2014

Does this mean the examples in the README and in examples/ need to be updated? How do you specify a secret with this syntax:

var app = bogart.app();
app.use(bogart.batteries); // A batteries included JSGI stack including streaming request body parsing,  session, flash, and much more.
Owner

nrstott replied Sep 27, 2014

Ben, yes they do. You specify it as follows:

app.use(bogart.batteries({ secret: 'my-secret' }))