From ae1dda3df9c3a56c36e5e82d8b0d9cda109241c3 Mon Sep 17 00:00:00 2001 From: amhsirak Date: Tue, 6 May 2025 19:02:55 +0530 Subject: [PATCH 1/4] feat: use SESSION_SECRET env var --- server/src/server.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/server.ts b/server/src/server.ts index ae055464..7f2d04d3 100644 --- a/server/src/server.ts +++ b/server/src/server.ts @@ -60,7 +60,7 @@ const sessionStore = new PgSession({ app.use( session({ store: sessionStore, - secret: 'mx-session', + secret: process.env.SESSION_SECRET || 'mx-session', resave: false, saveUninitialized: false, cookie: { From 7fdc38a34c0f8c290085c9f314de1f3664f029b8 Mon Sep 17 00:00:00 2001 From: Karishma Shukla Date: Tue, 6 May 2025 19:06:46 +0530 Subject: [PATCH 2/4] feat: SESSION_SECRET --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a16df810..fced1ea5 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,7 @@ You can access the frontend at http://localhost:5173/ and backend at http://loca | `DB_HOST` | Yes | Host address where the Postgres database server is running. | Database connection will fail. | | `DB_PORT` | Yes | Port number used to connect to the Postgres database server. | Database connection will fail. | | `ENCRYPTION_KEY` | Yes | Key used for encrypting sensitive data (proxies, passwords). | Encryption functionality will not work. | +| `SESSION_SECRET` | No | A strong, random string used to sign session cookies | Uses default secret. Recommended to define your own session secret to avoid session hijacking. | | `MINIO_ENDPOINT` | Yes | Endpoint URL for MinIO, to store Robot Run Screenshots. | Connection to MinIO storage will fail. | | `MINIO_PORT` | Yes | Port number for MinIO service. | Connection to MinIO storage will fail. | | `MINIO_CONSOLE_PORT` | No | Port number for MinIO WebUI service. Needed for Docker setup. | Cannot access MinIO Web UI. | From da8406c65e72f5035d63728aba593e56c107770f Mon Sep 17 00:00:00 2001 From: Karishma Shukla Date: Tue, 6 May 2025 19:09:40 +0530 Subject: [PATCH 3/4] feat: add SESSION_SECRET --- ENVEXAMPLE | 1 + 1 file changed, 1 insertion(+) diff --git a/ENVEXAMPLE b/ENVEXAMPLE index dbe5470c..1e552886 100644 --- a/ENVEXAMPLE +++ b/ENVEXAMPLE @@ -7,6 +7,7 @@ DB_PASSWORD=postgres # PostgreSQL password DB_HOST=postgres # Host for PostgreSQL in Docker DB_PORT=5432 # Port for PostgreSQL (default: 5432) ENCRYPTION_KEY=f4d5e6a7b8c9d0e1f23456789abcdef01234567890abcdef123456789abcdef0 # Key for encrypting sensitive data (passwords and proxies) +SESSION_SECRET=maxun_session MINIO_ENDPOINT=minio # MinIO endpoint in Docker MINIO_PORT=9000 # Port for MinIO (default: 9000) MINIO_CONSOLE_PORT=9001 # Web UI Port for MinIO (default: 9001) From 456c5cc450fab11538178f930a8fadb0f8c1769c Mon Sep 17 00:00:00 2001 From: Karishma Shukla Date: Tue, 6 May 2025 19:10:24 +0530 Subject: [PATCH 4/4] feat: SESSION_SECRET note --- ENVEXAMPLE | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ENVEXAMPLE b/ENVEXAMPLE index 1e552886..db461f55 100644 --- a/ENVEXAMPLE +++ b/ENVEXAMPLE @@ -7,7 +7,8 @@ DB_PASSWORD=postgres # PostgreSQL password DB_HOST=postgres # Host for PostgreSQL in Docker DB_PORT=5432 # Port for PostgreSQL (default: 5432) ENCRYPTION_KEY=f4d5e6a7b8c9d0e1f23456789abcdef01234567890abcdef123456789abcdef0 # Key for encrypting sensitive data (passwords and proxies) -SESSION_SECRET=maxun_session +SESSION_SECRET=maxun_session # A strong, random string used to sign session cookies. Recommended to define your own session secret to avoid session hijacking. + MINIO_ENDPOINT=minio # MinIO endpoint in Docker MINIO_PORT=9000 # Port for MinIO (default: 9000) MINIO_CONSOLE_PORT=9001 # Web UI Port for MinIO (default: 9001)