fix(server/(config): add config validation for session_secret

dyc3 · Nov 13, 2024 · d9fd5fd · d9fd5fd
1 parent f11d782
commit d9fd5fd
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/server/ott-config.ts b/server/ott-config.ts
@@ -520,6 +520,14 @@ export function validateConfig(): Result<void, Error> {
 		return err(new Error("Invalid configuration."));
 	}
 
+	if (conf.get("session_secret").length < 80) {
+		log.error(
+			"session_secret must be at least 80 characters long. Use a password generator to generate a secure alphanumeric secret."
+		);
+		log.error("This can also be set with the SESSION_SECRET environment variable.");
+		return err(new Error("Invalid configuration."));
+	}
+
 	return ok(undefined);
 }