frontend: Generate random secret by default

2025-12-14 03:32:15 +00:00 · 2025-05-15 20:58:17 +02:00
parent 212274fce9
commit 0acc3c22d9
4 changed files with 15 additions and 16 deletions
--- a/crates/frontend/src/config.rs
+++ b/crates/frontend/src/config.rs
@@ -1,5 +1,14 @@
+use rand::RngCore;
 use serde::{Deserialize, Serialize};

+pub fn generate_frontend_secret() -> [u8; 64] {
+    let mut rng = rand::thread_rng();
+
+    let mut secret = [0u8; 64];
+    rng.fill_bytes(&mut secret);
+    secret
+}
+
 fn default_true() -> bool {
    true
 }
@@ -9,6 +18,7 @@ fn default_true() -> bool {
 pub struct FrontendConfig {
    #[serde(serialize_with = "hex::serde::serialize")]
    #[serde(deserialize_with = "hex::serde::deserialize")]
+    #[serde(default = "generate_frontend_secret")]
    pub secret_key: [u8; 64],
    #[serde(default = "default_true")]
    pub enabled: bool,
--- a/crates/frontend/src/lib.rs
+++ b/crates/frontend/src/lib.rs
@@ -38,7 +38,7 @@ mod routes;
 pub const ROUTE_NAME_HOME: &str = "frontend_home";
 pub const ROUTE_USER_NAMED: &str = "frontend_user_named";

-pub use config::FrontendConfig;
+pub use config::{FrontendConfig, generate_frontend_secret};

 pub fn generate_app_token() -> String {
    rand::thread_rng()
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@@ -2,8 +2,8 @@ use argon2::password_hash::SaltString;
 use clap::{Parser, ValueEnum};
 use password_hash::PasswordHasher;
 use pbkdf2::Params;
-use rand::{RngCore, rngs::OsRng};
-use rustical_frontend::FrontendConfig;
+use rand::rngs::OsRng;
+use rustical_frontend::{FrontendConfig, generate_frontend_secret};

 use crate::config::{
    Config, DataStoreConfig, DavPushConfig, HttpConfig, SqliteDataStoreConfig, TracingConfig,
@@ -15,14 +15,6 @@ pub mod principals;
 #[derive(Debug, Parser)]
 pub struct GenConfigArgs {}

-pub fn generate_frontend_secret() -> [u8; 64] {
-    let mut rng = rand::thread_rng();
-
-    let mut secret = [0u8; 64];
-    rng.fill_bytes(&mut secret);
-    secret
-}
-
 pub fn cmd_gen_config(_args: GenConfigArgs) -> anyhow::Result<()> {
    let config = Config {
        http: HttpConfig::default(),
--- a/src/main.rs
+++ b/src/main.rs
@@ -131,13 +131,10 @@ async fn main() -> Result<()> {

 #[cfg(test)]
 mod tests {
-    use crate::{
-        app::make_app, commands::generate_frontend_secret, config::NextcloudLoginConfig,
-        get_data_stores,
-    };
+    use crate::{app::make_app, config::NextcloudLoginConfig, get_data_stores};
    use actix_web::{http::StatusCode, test::TestRequest};
-    use rustical_frontend::FrontendConfig;
    use rustical_frontend::nextcloud_login::NextcloudFlows;
+    use rustical_frontend::{FrontendConfig, generate_frontend_secret};
    use std::sync::Arc;

    #[tokio::test]