From 3ded75ca4ff9ee42355fecc0b8d6594bc4dcee37 Mon Sep 17 00:00:00 2001
From: Gabor Javorszky
Date: Sat, 24 Aug 2013 01:02:01 +0100
Subject: [PATCH] Dropping the database invalidates cookies

Closes #418.
* Moved the app config behind the promise wall (I couldn't reliably assign generated uuid to the ghost object AND have access to an automatically created db from fixtures AND not have circular reference (try including api in ghost.js ;) ))
* Added new functionality to `ghost.init()`, which is responsible for the first run bit (I'm thinking plopping a filter or an action in there for future devs)
* Modified `.gitignore` so the `.png`s casper generates aren't added
* Fixed ambiguity and typos here and there, see code
---
 .gitignore | 5 ++++-
 core/ghost.js | 18 ++++++++++++++++++
 index.js | 51 ++++++++++++++++++++++++---------------------------
 3 files changed, 46 insertions(+), 28 deletions(-)
diff --git a/.gitignore b/.gitignore
index 434d54d874..c078d10f44 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,4 +39,7 @@ projectFilesBackup
 /_site
 # Changelog, which is autogenerated, not committed
-CHANGELOG.md
\ No newline at end of file
+CHANGELOG.md
+
+# Casper generated files
+/core/test/functional/*.png
\ No newline at end of file
diff --git a/core/ghost.js b/core/ghost.js
index 4d679ef490..adcea706d7 100644
--- a/core/ghost.js
+++ b/core/ghost.js
@@ -16,6 +16,7 @@ var config = require('./../config'),
 plugins = require('./server/plugins'),
 requireTree = require('./server/require-tree'),
 permissions = require('./server/permissions'),
+ uuid = require('node-uuid'),
 // Variables
 appRoot = path.resolve(__dirname, '../'),
@@ -83,6 +84,9 @@ Ghost = function () {
 // Holds the available plugins
 instance.availablePlugins = {};
+ // Holds the dbhash (mainly used for cookie secret)
+ instance.dbHash = undefined;
+
 app = express();
 polyglot = new Polyglot();
@@ -133,6 +137,20 @@ Ghost.prototype.init = function () {
 }).then(function () {
 // Initialize the permissions actions and objects
 return permissions.init();
+ }).then(function () {
+ // get the settings and whatnot
+ return when(models.Settings.read('dbHash')).then(function (dbhash) {
+ // we already ran this, chill
+ self.dbHash = dbhash.attributes.value;
+ return dbhash.attributes.value;
+ }).otherwise(function (error) {
+ // this is where all the "first run" functionality should go
+ var dbhash = uuid.v4();
+ return when(models.Settings.add({key: 'dbHash', value: dbhash})).then(function (returned) {
+ self.dbHash = dbhash;
+ return dbhash;
+ });
+ });
 }, errors.logAndThrowError);
 };
diff --git a/index.js b/index.js
index eb71bbf89f..e66aa25f96 100644
--- a/index.js
+++ b/index.js
@@ -63,7 +63,7 @@ function auth(req, res, next) {
 // While we're here, let's clean up on aisle 5
 // That being ghost.notifications, and let's remove the passives from there
-// plus the local messages, as the have already been added at this point
+// plus the local messages, as they have already been added at this point
 // otherwise they'd appear one too many times
 function cleanNotifications(req, res, next) {
 ghost.notifications = _.reject(ghost.notifications, function (notification) {
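Review bot: The `.otherwise` handler added to `Ghost.prototype.init` in core/ghost.js treats every failure of `models.Settings.read('dbHash')` as a first run, which would include a database error or a `TypeError` from `dbhash.attributes` should the read resolve empty. On that path a new `uuid.v4()` value is stored and becomes the cookie secret while the original error is discarded, so a fault that is not a first run could invalidate existing cookies with nothing logged. I would take the first-run branch only when the setting is confirmed absent and re-throw anything else; note also that `errors.logAndThrowError` is the rejection handler for the preceding step, so a failed `models.Settings.add` here leaves `init()` rejected without passing through it. Because the comment added in this commit calls `dbHash` the cookie secret, it should be kept out of any settings listing or export, which cannot be checked from this hunk. `self` is assigned outside the hunk.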
@@ -177,41 +177,38 @@ function disableCachedResult(req, res, next) {
 next();
 }
-// ##Configuration
-ghost.app().configure(function () {
- ghost.app().use(isGhostAdmin);
- ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
- ghost.app().use(I18n.load(ghost));
- ghost.app().use(express.bodyParser({}));
- ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
- ghost.app().use(express.cookieParser('try-ghost'));
- ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
- ghost.app().use(ghost.initTheme(ghost.app()));
-
- if (process.env.NODE_ENV !== "development") {
- ghost.app().use(express.logger());
- ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
- }
-});
-
-// Development only configuration
-ghost.app().configure("development", function () {
- ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
- ghost.app().use(express.logger('dev'));
-});
-
-
 // Expose the promise we will resolve after our pre-loading
 ghost.loaded = loading.promise;
 when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(ghost)]).then(function () {
+ // ##Configuration
+ ghost.app().configure(function () {
+ ghost.app().use(isGhostAdmin);
+ ghost.app().use(express.favicon(__dirname + '/content/images/favicon.ico'));
+ ghost.app().use(I18n.load(ghost));
+ ghost.app().use(express.bodyParser({}));
+ ghost.app().use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
+ ghost.app().use(express.cookieParser(ghost.dbHash));
+ ghost.app().use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
+ ghost.app().use(ghost.initTheme(ghost.app()));
+ if (process.env.NODE_ENV !== "development") {
+ ghost.app().use(express.logger());
+ ghost.app().use(express.errorHandler({ dumpExceptions: false, showStack: false }));
+ }
+ });
+
+ // Development only configuration
+ ghost.app().configure("development", function () {
+ ghost.app().use(express.errorHandler({ dumpExceptions: true, showStack: true }));
+ ghost.app().use(express.logger('dev'));
+ });
+
 // post init config
 ghost.app().use(ghostLocals);
- // because science
+ // So on every request we actually clean out reduntant passive notifications from the server side
 ghost.app().use(cleanNotifications);
-
 // ## Routing
 // ### API routes
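Review bot: `express.cookieParser(ghost.dbHash)` in index.js is registered without checking that `ghost.dbHash` was actually set; core/ghost.js initialises it to `undefined` and assigns it only inside the `init()` promise chain. I would guard it at the top of the callback, e.g. `if (!ghost.dbHash) { throw new Error('cookie secret (dbHash) not initialised'); }`, and make sure that rejection is logged, since a throw inside a promise callback is otherwise silent. All middleware, including `isGhostAdmin` and the error handlers, is now registered only after `when.all(...)` resolves, so a rejected `ghost.init()` leaves the app without them; whether a rejection handler follows is outside the hunk, as is the end of the callback. The `cookieSession` options still carry only `maxAge`, and stating `httpOnly` and (behind TLS) `secure` explicitly would document the intended cookie scope.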