Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Passed members_email_auth_secret to members-api

Browse source 
no-issue
This commit is contained in:
Fabien O'Carroll 2019-10-10 17:31:38 +07:00
parent cbb13904b8
commit 0c602976c0
1 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
core/server/services/members/api.js
View file

@ -1,3 +1,4 @@
const crypto = require('crypto');
const {URL} = require('url');
const settingsCache = require('../settings/cache');
const urlUtils = require('../../lib/url-utils');
@ -156,6 +157,20 @@ function getStripePaymentConfig() {
};
}
function getAuthSecret() {
const hexSecret = settingsCache.get('members_email_auth_secret');
if (!hexSecret) {
common.logging.warn('Could not find members_email_auth_secret, using dynamically generated secret');
return crypto.randomBytes(64);
}
const secret = Buffer.from(hexSecret, 'hex');
if (secret.length < 64) {
common.logging.warn('members_email_auth_secret not large enough (64 bytes), using dynamically generated secret');
return crypto.randomBytes(64);
}
return secret;
}
function getRequirePaymentSetting() {
const subscriptionSettings = settingsCache.get('members_subscription_settings');
return !!subscriptionSettings.requirePaymentForSignup;
@ -184,7 +199,8 @@ function createApiInstance() {
signinURL.searchParams.set('action', type);
return signinURL.href;
},
allowSelfSignup: !getRequirePaymentSetting()
allowSelfSignup: !getRequirePaymentSetting(),
secret: getAuthSecret()
},
mail: {
transporter: {