security update

This commit is contained in:
orangecoding
2026-03-31 13:33:01 +02:00
parent 1c9d7c9d92
commit d7f46d6c68
5 changed files with 56 additions and 9 deletions

View File

@@ -67,6 +67,19 @@ export async function getSettings() {
return cachedSettingsConfig;
}
/**
* Get or create a persistent session signing secret.
* Generated once and stored in the settings table under the key 'session_secret'.
* @returns {Promise<string>}
*/
export async function getOrCreateSessionSecret() {
const settings = await getSettings();
if (settings.session_secret) return settings.session_secret;
const secret = nanoid(64);
upsertSettings({ session_secret: secret });
return secret;
}
/**
* Upsert settings rows.
* - Accepts an object map of name -> value, or an entry {name, value}.