[dancer-users] Dynamic config setting upon startup [D1]

[Hermann Calabria]

Hi all,

I’m using Dancer::Session::Cookie and facing a bit of a conundrum with the session_cookie_key a setup in the config file.  

As we all know it’s not recommended to include live secrets in a git repository, so I’m attempting to create the session_cookie_key dynamically upon Dancer startup (documented here: https://metacpan.org/pod/Dancer::Config#SETTINGS), as follows:

use Dancer;
set session_cookie_key => crypto_nonce(20);

...

dance;

where crypto_nonce() is a cryptographically strong nonce generator (this approach happens to work for this particular app, because it’s an admin/dashboard panel with a small number of infrequent users, and the it runs on a single machine).

I try to run the app, and get the following error:
The setting session_cookie_key must be defined at /home/hermann/perl5/perlbrew/perls/perl-5.26.2/lib/site_perl/5.26.2/Dancer/Session/Cookie.pm line 38

So I add the following to environments/production.yml:
session_cookie_key : “1”

Try to run the app again, and not unexpectedly, I end up with session_cookie_key = 1.

I can work around the problem by adding a hook:

hook 'before' => sub {
  if ( length(config->{'session_cookie_key'}) < 5 ) {
    set session_cookie_key => crypto_nonce(20);
  }
  ...
};

I’m wondering if there’s a more elegant way to accomplish what I’m trying to do?

Thanks in advance!

Hermann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.preshweb.co.uk/pipermail/dancer-users/attachments/20190103/bbe97c4e/attachment.html>