authorVika <vika@fireburn.ru>2021-12-06 20:39:04 +0300
committerVika <vika@fireburn.ru>2021-12-06 20:42:50 +0300
commit9a9776230ce8d12d305ca8db19cc76f20ae40926 (patch)
tree26d1e166ae68825e55084b43c52afcb446521b11 /flake.nix
parent913779655c1feddc55d37bebbdd7df87eb7c9c0f (diff)
Added support for IndieAuth client sign in
This will allow readers to view private posts intended just for them.

Additionally fixed bugs in patterns due to which webmentions might not
have been sent.
Diffstat (limited to 'flake.nix')
-rw-r--r--flake.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
index 0b0e039..4366190 100644
--- a/flake.nix
+++ b/flake.nix
@@ -124,6 +124,12 @@
             example = "/run/secrets/kittybox-shared-secret";
             description = "A shared secret that will, when passed, allow unlimited editing access to database. Keep it safe.";
           };
+          cookieSecretFile = mkOption {
+            type = types.str;
+            default = "/var/lib/kittybox/cookie_secret_key";
+            example = "/run/secrets/kittybox-cookie-secret";
+            description = "A secret file to encrypt cookies with the contents of. Should be at least 32 bytes in length. A random persistent file will be generated if this variable is left untouched.";
+          };
         };
       };
       config = lib.mkIf cfg.enable {
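Review bot: The `description` of the new `cookieSecretFile` option is awkwardly worded and does not say who must be able to read the file, which matters because its contents are the key that protects the sign-in cookies. I would reword it to `"Path to a file whose contents are used as the cookie encryption key. Should be at least 32 bytes long and readable only by the service's user. If left at the default, a random key is generated on first start and kept across restarts."`. The default `/var/lib/kittybox/cookie_secret_key` is also repeated as a string literal in the start-script hunk further down, so changing the default here would silently stop auto-generation; binding the path once (for example in a `let`) and using it in both places would keep them in sync. The generation lines in that hunk create the file under whatever umask the unit runs with, and that setting is not visible in this diff, so it is worth confirming the key file cannot end up world-readable.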
@@ -139,6 +145,7 @@
             cfg.authorizationEndpoint
             cfg.internalTokenFile
             cfg.bind cfg.port
+            cfg.cookieSecretFile
           ];
 
           environment = {
@@ -151,6 +158,7 @@
             #REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri;
             BACKEND_URI = cfg.backendUri;
             RUST_LOG = "${cfg.logLevel}";
+            COOKIE_SECRET_FILE = "${cfg.cookieSecretFile}";
           };
 
           script = ''
@@ -159,6 +167,9 @@
                 export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
               fi
             ''}
+            if [[ ${cfg.cookieSecretFile} == /var/lib/kittybox/cookie_secret_key && ! -f /var/lib/kittybox/cookie_secret_key ]]; then
+                cat /dev/urandom | tr -Cd '[:alnum:]' | head -c 128 > /var/lib/kittybox/cookie_secret_key
+            fi
             exec ${cfg.package}/bin/kittybox
           '';