Allow session key from env

author: René 'Necoro' Neumann <necoro@necoro.eu> 2024-02-15 21:01:23 +0100
committer: René 'Necoro' Neumann <necoro@necoro.eu> 2024-02-15 21:01:23 +0100
commit: 69682699e2702295b00caa1573c11a769d79fff0 (patch)
tree: d47862818e593c668ce72e74b09315f7d208daec
parent: 569a2dac6617e9aef98ac99989515d53de698b98 (diff)
download: gosten-69682699e2702295b00caa1573c11a769d79fff0.tar.gz
gosten-69682699e2702295b00caa1573c11a769d79fff0.tar.bz2
gosten-69682699e2702295b00caa1573c11a769d79fff0.zip
1 files changed, 11 insertions, 3 deletions
diff --git a/session.go b/session.go
index 382a302..3718623 100644
--- a/session.go
+++ b/session.go
@@ -5,6 +5,7 @@ import (
 	"encoding/gob"
 	"log"
 	"net/http"
+	"os"
 
 	"github.com/gorilla/securecookie"
 	"github.com/gorilla/sessions"
@@ -16,11 +17,8 @@ const (
 	dataKey           = "data"
 )
 
-var sessionStore sessions.Store
-
 func init() {
 	gob.Register(SessionData{})
-	sessionStore = sessions.NewCookieStore(securecookie.GenerateRandomKey(32))
 }
 
 type Session struct {
@@ -61,6 +59,16 @@ func session(r *http.Request) Session {
 }
 
 func sessionHandler(next http.Handler) http.Handler {
+	var key []byte
+
+	if envKey := os.Getenv("GOSTEN_SECRET"); len(envKey) >= 32 {
+		key = []byte(envKey)
+	} else {
+		key = securecookie.GenerateRandomKey(32)
+	}
+
+	sessionStore := sessions.NewCookieStore(key)
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session, _ := sessionStore.Get(r, sessionCookie)
author	René 'Necoro' Neumann <necoro@necoro.eu>	2024-02-15 21:01:23 +0100
committer	René 'Necoro' Neumann <necoro@necoro.eu>	2024-02-15 21:01:23 +0100
commit	69682699e2702295b00caa1573c11a769d79fff0 (patch)
tree	d47862818e593c668ce72e74b09315f7d208daec
parent	569a2dac6617e9aef98ac99989515d53de698b98 (diff)
download	gosten-69682699e2702295b00caa1573c11a769d79fff0.tar.gz gosten-69682699e2702295b00caa1573c11a769d79fff0.tar.bz2 gosten-69682699e2702295b00caa1573c11a769d79fff0.zip