Talk about persistent secret

Neale Pickett 2022-09-10 14:05:46 -06:00
parent 6d67ee3bfb
commit 3bcc903be2
2 changed files with 7 additions and 4 deletions

@ -73,9 +73,12 @@ The token is an HMAC digest of an expiration timestamp,
plus the timestamp. plus the timestamp.
When the HMAC is good, and the timestamp is in the future, When the HMAC is good, and the timestamp is in the future,
the token is a valid authentication. the token is a valid authentication.
This technique means there is no persistent server storage, This technique means there is no persistent server storage.
but also means that if the server restarts,
everybody has to log in again. If you use the default of pulling the session secret from the OS PRNG,
then everybody will have to log in again every time the server restarts.
You can use the `-secret` argument to provide a persistent secret,
so this won't happen.
Some things, Some things,
like WebDAV, like WebDAV,
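Review bot: The new `-secret` sentence does not say what the argument takes (the secret value itself or a path to a file holding it), nor how the secret should be generated, so a reader cannot act on it without reading the source. Since the paragraph above states that a token is just an HMAC over an expiration timestamp, the persistent secret is the only thing standing between an attacker and a valid token; the text should say that it must be long, random and readable only by the server. It is also worth stating the trade-off the old wording implied: with a persistent secret a restart no longer invalidates sessions, so changing the secret becomes the way to force everybody to log in again.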

@ -9,4 +9,4 @@ RUN go install -v ./...
FROM alpine FROM alpine
COPY --from=builder /go/bin/simpleauth /bin COPY --from=builder /go/bin/simpleauth /bin
COPY --from=builder /go/src/app/static /static COPY --from=builder /go/src/app/static /static
CMD ["/bin/simpleauth"] ENTRYPOINT ["/bin/simpleauth"]
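Review bot: Switching `CMD ["/bin/simpleauth"]` to `ENTRYPOINT ["/bin/simpleauth"]` changes how the image behaves for existing users, and neither the commit message nor the README hunk mentions it. Arguments given after the image name are now appended to `/bin/simpleauth` instead of replacing the command, which is what lets `-secret` be passed through, but anyone who previously ran a different command in this image now needs `--entrypoint`. A short run example in the README next to the `-secret` text would document the intended use. If `-secret` takes the secret value itself rather than a file path, note that it will be visible in the container's process arguments and configuration, and recommend a mounted file instead.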