Set the CookieStore key in Auth API Server

This commit sets CookieStore key to a random string earlier it was empty and due change in `gorilla/securecookie` package CookieStore expects to set the key Signed-off-by: Shiv Verma <[email protected]>
tektoncd · Nov 27, 2023 · 417bf03 · 417bf03
1 parent fdd2d38
commit 417bf03
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/api/pkg/auth/base.go b/api/pkg/auth/base.go
@@ -15,6 +15,8 @@
 package auth
 
 import (
+	"crypto/rand"
+	"encoding/base64"
 	"net/http"
 	"os"
 	"strings"
@@ -31,11 +33,25 @@ import (
 	auth "github.com/tektoncd/hub/api/pkg/auth/service"
 )
 
+// generateRandomKey return a random generated key
+func generateRandomKey(length int) (string, error) {
+	key := make([]byte, length)
+	_, err := rand.Read(key)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(key), nil
+}
+
 // Auth Provider provides routes for authentication
 // and also defines git providers using goth
 func AuthProvider(r *mux.Router, api app.Config) {
 
-	key := ""            // Replace with your SESSION_SECRET or similar
+	key, err := generateRandomKey(32)
+	if err != nil {
+		panic(err)
+	}
+
 	maxAge := 86400 * 30 // 30 days
 	isProd := true       // Set to false when not serving over https
 	if api.Environment() != app.EnvMode("production") {