Skip to content

Commit

Permalink
Load session cookie secret
Browse files Browse the repository at this point in the history
  • Loading branch information
@malte-laukoetter
malte-laukoetter committed Dec 20, 2023
1 parent 9e414ee commit ae45fe9
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 4 deletions.
1 change: 1 addition & 0 deletions .env.example
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
NOCODB_BASE_URL="https://metrics.ds4g.dev:38081"
NOCODB_AUTH_TOKEN="YOUR_NOCODB_AUTH_TOKEN"
SESSION_COOKIE_SECRET="Your secret"
2 changes: 2 additions & 0 deletions .github/workflows/pipeline.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ env:
jobs:
build:
runs-on: ubuntu-latest
env:
SESSION_COOKIE_SECRET: build session cookie secret
steps:
- name: Checkout code
uses: actions/checkout@v4
Expand Down
8 changes: 5 additions & 3 deletions .talismanrc
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
fileignoreconfig:
- filename: .github/workflows/pipeline.yml
checksum: 294aacbf197c9189c66b49f79ccc255abf40494a3641eda54f26d5c442144489
checksum: 701ab9412bdcc492900dde4a2f5dd383e3c54aba3ca080c9b43c4c25e9334ffb
- filename: .github/workflows/scan.yml
checksum: 14fd20b334e55e9f6ee23d13fa82d2c17d94cb59928b7dd5828e8adca40cf1d8
- filename: README.md
Expand All @@ -12,7 +12,9 @@ fileignoreconfig:
- filename: SECURITY.md
checksum: b1743150cdd537be3a66f5308f887d130f0f320ab21628b63713808090a84e3f
- filename: .env.example
checksum: 71ab6e499db835e32c6656aafe28833d7d49b4e1441ba8404dc28691da023609
checksum: d8f34bb85e049048eda804484e9928cc82d9524b639a23117b2faf94fcd9a8ab
- filename: start.sh
checksum: 7546c3e95fbdb1c515680d6319ee31ee6c27aef9aa7415f132d63700f9692226
- filename: app/tasks/nocodbClient.server.ts
checksum: f4bcc85b1fbacd2a8dd8da7675849a40024fb1f7d909b4692954412aa2473319
- filename: app/mocks/stubs/calculationPositions.json
Expand All @@ -28,7 +30,7 @@ fileignoreconfig:
- filename: tests/e2e/LoginPage.ts
allowed_patterns: [password]
- filename: app/sessions.ts
allowed_patterns: [todo_create_a_secret_and_load_from_env]
allowed_patterns: [sessionCookieSecret, SESSION_COOKIE_SECRET]

version: ""
scopeconfig:
Expand Down
9 changes: 8 additions & 1 deletion app/sessions.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,16 @@ export type SessionData = {
troiCalendarEvents: CalendarEvent[];
};

const sessionCookieSecret = process.env.SESSION_COOKIE_SECRET;
if (sessionCookieSecret === undefined) {
throw new Error(
"Missing secret for session cookie (enviroment variable SESSION_COOKIE_SECRET)",
);
}

const sessionCookie = createCookie("__session", {
maxAge: 30 * 24 * 60 * 60,
secrets: ["todo_create_a_secret_and_load_from_env"],
secrets: [sessionCookieSecret],
sameSite: "lax",
secure: true,
httpOnly: true,
Expand Down
1 change: 1 addition & 0 deletions start.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ set -euf
# Exporting only if not already set, see https://stackoverflow.com/a/11686912
export NOCODB_AUTH_TOKEN="${NOCODB_AUTH_TOKEN:=$(cat /etc/nocodb-credentials/authToken)}"
export NOCODB_BASE_URL="${NOCODB_BASE_URL:=$(cat /etc/nocodb-credentials/baseUrl)}"
export SESSION_COOKIE_SECRET="${SESSION_COOKIE_SECRET:=$(cat /etc/session-cookie-secret/secret)}"

npm run start

0 comments on commit ae45fe9

Please sign in to comment.