From f3cefa57151447f32d7a9f282f7e4c1d4c55a6b9 Mon Sep 17 00:00:00 2001
From: Luigi Pinca
Date: Sun, 24 Feb 2013 11:19:13 +0100
Subject: [PATCH] use a default secret when SITE_SECRET env variable is not set
---
 app.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app.js b/app.js
index 129416a..2ed4a5a 100644
--- a/app.js
+++ b/app.js
@@ -8,6 +8,7 @@ var config = require('./config')
 , parseCookie = require('express/node_modules/cookie').parse
 , parseSignedCookies = require('express/node_modules/connect').utils.parseSignedCookies
 , redisstore = require('connect-redis')(express)
+ , secret = process.env.SITE_SECRET || 'shhhh, very secret'
 , site = require('./routes/site')
 , user = require('./routes/user')
 , usersdb = require('./lib/redis-clients').users;
@@ -25,7 +26,7 @@ app.set('view engine', 'jade');
 app.use('/static', express.static(pub, {maxAge: 2419200000})); // 4 weeks = 2419200000 ms
 app.use(express.favicon(pub + '/img/favicon.ico', {maxAge: 2419200000}));
 app.use(express.bodyParser());
-app.use(express.cookieParser(process.env.SITE_SECRET));
+app.use(express.cookieParser(secret));
 app.use(express.session({store: sessionstore, cookie: {maxAge: 14400000}})); // 4 h = 14400000 ms
 // Routes
@@ -75,7 +76,7 @@ io.set('authorization', function(data, accept) {
 return accept('no cookie transmitted', false);
 }
 var signedcookie = parseCookie(data.headers.cookie);
- var cookie = parseSignedCookies(signedcookie, process.env.SITE_SECRET);
+ var cookie = parseSignedCookies(signedcookie, secret);
 sessionstore.get(cookie['connect.sid'], function(err, session) {
 if (err) {
 return accept(err.message, false);
--
2.54.0
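Review bot: The fallback literal `'shhhh, very secret'` on the new `secret =` line is committed to the repository, so any deployment started without SITE_SECRET signs its session cookies with a publicly known key and the signature no longer authenticates the `connect.sid` value. The same value is then used by `express.cookieParser(secret)` and by `parseSignedCookies(signedcookie, secret)` in the socket.io authorization handler in the two later hunks, so both the HTTP and the websocket path inherit the weakness. I would fail at startup instead, `if (!process.env.SITE_SECRET) throw new Error('SITE_SECRET must be set');`, or, if a zero-configuration development run has to keep working, fall back to a per-process random key with `secret = process.env.SITE_SECRET || require('crypto').randomBytes(32).toString('hex')` and log a warning. The random fallback drops all sessions on restart and does not work across several processes, which is acceptable for development only and should be stated in a comment next to the line.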
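Review bot: `cookie['connect.sid']` is handed to `sessionstore.get` without checking that a signed session cookie was present and verified; as far as I recall, connect's `parseSignedCookies` returns only the cookies whose signature checks out, so a missing or tampered cookie yields `undefined` at this point. An explicit guard directly after the new line, `if (!cookie['connect.sid']) { return accept('invalid session cookie', false); }`, makes the rejection deliberate instead of depending on what the store does with an undefined key. The handler starts before and continues after this hunk, so the session callback may already cover part of this and should be checked before adding the guard.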