Ensure the app does not even start if OTP_SECRET is not set (#6557)
* Ensure the app does not even start if OTP_SECRET is not set * Remove PAPERCLIP_SECRET (it's not used by anything, actually) Imports are for internal consumption and the url option isn't even used correctly, so we can remove the hash stuff from themmain
parent
f0a1b1a152
commit
5cc716688a
|
@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
|
||||||
|
|
||||||
# Application secrets
|
# Application secrets
|
||||||
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
|
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
|
||||||
PAPERCLIP_SECRET=
|
|
||||||
SECRET_KEY_BASE=
|
SECRET_KEY_BASE=
|
||||||
OTP_SECRET=
|
OTP_SECRET=
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ class Import < ApplicationRecord
|
||||||
|
|
||||||
validates :type, presence: true
|
validates :type, presence: true
|
||||||
|
|
||||||
has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
|
has_attached_file :data
|
||||||
validates_attachment_content_type :data, content_type: FILE_TYPES
|
validates_attachment_content_type :data, content_type: FILE_TYPES
|
||||||
validates_attachment_presence :data
|
validates_attachment_presence :data
|
||||||
end
|
end
|
||||||
|
|
|
@ -44,7 +44,7 @@ class User < ApplicationRecord
|
||||||
ACTIVE_DURATION = 14.days
|
ACTIVE_DURATION = 14.days
|
||||||
|
|
||||||
devise :two_factor_authenticatable,
|
devise :two_factor_authenticatable,
|
||||||
otp_secret_encryption_key: ENV['OTP_SECRET']
|
otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
|
||||||
|
|
||||||
devise :two_factor_backupable,
|
devise :two_factor_backupable,
|
||||||
otp_number_of_backup_codes: 10
|
otp_number_of_backup_codes: 10
|
||||||
|
|
|
@ -23,7 +23,7 @@ namespace :mastodon do
|
||||||
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
|
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
|
||||||
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
|
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
|
||||||
|
|
||||||
%w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
|
%w(SECRET_KEY_BASE OTP_SECRET).each do |key|
|
||||||
env[key] = SecureRandom.hex(64)
|
env[key] = SecureRandom.hex(64)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue