Ensure the app does not even start if OTP_SECRET is not set (#6557)
* Ensure the app does not even start if OTP_SECRET is not set * Remove PAPERCLIP_SECRET (it's not used by anything, actually) Imports are for internal consumption and the url option isn't even used correctly, so we can remove the hash stuff from themgh/stable
parent
f0a1b1a152
commit
5cc716688a
|
@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
|
||||||
|
|
||||||
# Application secrets
|
# Application secrets
|
||||||
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
|
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
|
||||||
PAPERCLIP_SECRET=
|
|
||||||
SECRET_KEY_BASE=
|
SECRET_KEY_BASE=
|
||||||
OTP_SECRET=
|
OTP_SECRET=
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ class Import < ApplicationRecord
|
||||||
|
|
||||||
validates :type, presence: true
|
validates :type, presence: true
|
||||||
|
|
||||||
has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
|
has_attached_file :data
|
||||||
validates_attachment_content_type :data, content_type: FILE_TYPES
|
validates_attachment_content_type :data, content_type: FILE_TYPES
|
||||||
validates_attachment_presence :data
|
validates_attachment_presence :data
|
||||||
end
|
end
|
||||||
|
|
|
@ -44,7 +44,7 @@ class User < ApplicationRecord
|
||||||
ACTIVE_DURATION = 14.days
|
ACTIVE_DURATION = 14.days
|
||||||
|
|
||||||
devise :two_factor_authenticatable,
|
devise :two_factor_authenticatable,
|
||||||
otp_secret_encryption_key: ENV['OTP_SECRET']
|
otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
|
||||||
|
|
||||||
devise :two_factor_backupable,
|
devise :two_factor_backupable,
|
||||||
otp_number_of_backup_codes: 10
|
otp_number_of_backup_codes: 10
|
||||||
|
|
|
@ -23,7 +23,7 @@ namespace :mastodon do
|
||||||
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
|
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
|
||||||
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
|
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
|
||||||
|
|
||||||
%w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
|
%w(SECRET_KEY_BASE OTP_SECRET).each do |key|
|
||||||
env[key] = SecureRandom.hex(64)
|
env[key] = SecureRandom.hex(64)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Reference in New Issue