diff --git a/src/paths.js b/src/paths.js
index 9c6856508..600a7c7e9 100644
--- a/src/paths.js
+++ b/src/paths.js
@@ -35,6 +35,7 @@ exports = module.exports = {
 SNAPSHOT_INFO_FILE: path.join(baseDir(), 'platformdata/backup/snapshot-info.json'),
 DYNDNS_INFO_FILE: path.join(baseDir(), 'platformdata/dyndns-info.json'),
 FEATURES_INFO_FILE: path.join(baseDir(), 'platformdata/features-info.json'),
+ PROXY_AUTH_TOKEN_SECRET_FILE: path.join(baseDir(), 'platformdata/proxy-auth-token-secret'),
 VERSION_FILE: path.join(baseDir(), 'platformdata/VERSION'),
 // this is not part of appdata because an icon may be set before install
diff --git a/src/proxyauth.js b/src/proxyauth.js
index 1037a1f16..d452d5fa3 100644
--- a/src/proxyauth.js
+++ b/src/proxyauth.js
@@ -11,6 +11,8 @@ const assert = require('assert'),
 constants = require('./constants.js'),
 debug = require('debug')('box:proxyAuth'),
 express = require('express'),
+ fs = require('fs'),
+ hat = require('./hat.js'),
 http = require('http'),
 HttpError = require('connect-lastmile').HttpError,
 HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -18,10 +20,11 @@ const assert = require('assert'),
 middleware = require('./middleware'),
 mustacheExpress = require('mustache-express'),
 path = require('path'),
+ paths = require('./paths.js'),
 users = require('./users.js');
 let gHttpServer = null;
-const TOKEN_SECRET = 'somerandomsecret';
+let TOKEN_SECRET = null;
 const EXPIRY_DAYS = 7;
 // middleware to check auth status
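Review bot: In the `@@ -18,10 +20,11 @@` hunk of src/proxyauth.js, `let TOKEN_SECRET = null;` leaves the signing secret unset until `start()` has run, and nothing at the declaration says so. I would add a comment above it, `// token signing secret; loaded from paths.PROXY_AUTH_TOKEN_SECRET_FILE in start(), null until then`. The code that signs and verifies tokens is outside this hunk, so I cannot tell whether any path reaches it before `start()`; if one can, an `assert.strictEqual(typeof TOKEN_SECRET, 'string');` at the point of use would make a null secret fail loudly instead of being used as a key.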
@@ -149,6 +152,13 @@ function start(callback) {
 assert.strictEqual(typeof callback, 'function');
 assert.strictEqual(gHttpServer, null, 'Authwall is already up and running.');
+ if (!fs.existsSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE)) {
+ TOKEN_SECRET = hat(64);
+ fs.writeFileSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE, TOKEN_SECRET, 'utf8');
+ } else {
+ TOKEN_SECRET = fs.readFileSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE, 'utf8').trim();
+ }
+
 gHttpServer = initializeAuthwallExpressSync();
 gHttpServer.listen(constants.AUTHWALL_PORT, '127.0.0.1', callback);
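Review bot: The new secret is written by `fs.writeFileSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE, TOKEN_SECRET, 'utf8')` with Node's default file mode (0o666 minus the umask), so under a typical umask other local accounts can read the token-signing key; pass `{ encoding: 'utf8', mode: 0o600 }` as the third argument instead. The `else` branch also trusts whatever the file holds: an empty or truncated file, for example after an interrupted first write, gives an empty `TOKEN_SECRET`. After the `readFileSync(...).trim()` line I would add `if (!TOKEN_SECRET) return callback(new Error('proxy auth token secret file is empty'));`, or regenerate the secret in that case. `hat.js` is not shown here; if `hat(64)` takes a bit count, 64 bits is short for a signing key and 256 would be a safer size. `start()` begins and ends outside this hunk.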