proxy auth: create token secret

src/proxyauth.js

@@ -11,6 +11,8 @@ const assert = require('assert'),
     constants = require('./constants.js'),
     debug = require('debug')('box:proxyAuth'),
     express = require('express'),
+    fs = require('fs'),
+    hat = require('./hat.js'),
     http = require('http'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -18,10 +20,11 @@ const assert = require('assert'),
     middleware = require('./middleware'),
     mustacheExpress = require('mustache-express'),
     path = require('path'),
+    paths = require('./paths.js'),
     users = require('./users.js');
 
 let gHttpServer = null;
-const TOKEN_SECRET = 'somerandomsecret';
+let TOKEN_SECRET = null;
 const EXPIRY_DAYS = 7;
 
 // middleware to check auth status
@@ -149,6 +152,13 @@ function start(callback) {
     assert.strictEqual(typeof callback, 'function');
     assert.strictEqual(gHttpServer, null, 'Authwall is already up and running.');
 
+    if (!fs.existsSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE)) {
+        TOKEN_SECRET = hat(64);
+        fs.writeFileSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE, TOKEN_SECRET, 'utf8');
+    } else {
+        TOKEN_SECRET = fs.readFileSync(paths.PROXY_AUTH_TOKEN_SECRET_FILE, 'utf8').trim();
+    }
+
     gHttpServer = initializeAuthwallExpressSync();
 
     gHttpServer.listen(constants.AUTHWALL_PORT, '127.0.0.1', callback);