Add hmacKey config field for video signing

HamzaAlwan · Oct 23, 2019 · e91e7bc · e91e7bc
1 parent a56f217
commit e91e7bc
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -71,10 +71,10 @@ $ nimble scss
 $ mkdir ./tmp
 ```
 
-Set your hostname, port and page title in `nitter.conf`, then run Nitter by
-executing `./nitter`. You should run Nitter behind a reverse proxy such as
-[Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for better
-security.
+Set your hostname, port, page title and HMAC key in `nitter.conf`, then run
+Nitter by executing `./nitter`. You should run Nitter behind a reverse proxy
+such as [Nginx](https://github.com/zedeus/nitter/wiki/Nginx) or Apache for
+better security.
 
 To build and run Nitter in Docker:
 ```bash

diff --git a/nitter.conf b/nitter.conf
@@ -12,3 +12,4 @@ profileMinutes = 10  # how long to cache profiles
 
 [Config]
 defaultTheme = "Dark"
+hmacKey = "secretkey" # for signing video urls
diff --git a/src/config.nim b/src/config.nim
@@ -23,5 +23,6 @@ proc getConfig*(path: string): Config =
     cacheDir: cfg.get("Cache", "directory", "/tmp/nitter"),
     profileCacheTime: cfg.get("Cache", "profileMinutes", 10),
 
-    defaultTheme: cfg.get("Config", "defaultTheme", "Dark")
+    defaultTheme: cfg.get("Config", "defaultTheme", "Dark"),
+    hmacKey: cfg.get("Config", "hmacKey", "secretkey")
   )
diff --git a/src/nitter.nim b/src/nitter.nim
@@ -11,6 +11,8 @@ import routes/[
 const configPath {.strdefine.} = "./nitter.conf"
 let cfg = getConfig(configPath)
 
+setHmacKey(cfg.hmacKey)
+
 createUnsupportedRouter(cfg)
 createPrefRouter(cfg)
 createTimelineRouter(cfg)

diff --git a/src/types.nim b/src/types.nim
@@ -178,6 +178,7 @@ type
     cacheDir*: string
     profileCacheTime*: int
     defaultTheme*: string
+    hmacKey*: string
 
 proc contains*(thread: Chain; tweet: Tweet): bool =
   thread.content.anyIt(it.id == tweet.id)
diff --git a/src/utils.nim b/src/utils.nim
@@ -1,20 +1,24 @@
 import strutils, strformat, sequtils, uri, tables
 import nimcrypto, regex
 
+var hmacKey = "secretkey"
+
 const
-  key = "supersecretkey"
+  badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
+  badPngExts = @["pngn", "png:", "png_"]
   twitterDomains = @[
     "twitter.com",
     "twimg.com",
     "abs.twimg.com",
     "pbs.twimg.com",
     "video.twimg.com"
   ]
-  badJpgExts = @["1500x500", "jpgn", "jpg:", "jpg_"]
-  badPngExts = @["pngn", "png:", "png_"]
+
+proc setHmacKey*(key: string) =
+  hmacKey = key
 
 proc getHmac*(data: string): string =
-  ($hmac(sha256, key, data))[0 .. 12]
+  ($hmac(sha256, hmacKey, data))[0 .. 12]
 
 proc getVidUrl*(link: string): string =
   let
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,3 +12,4 @@ profileMinutes = 10 # how long to cache profiles

		[Config]
		defaultTheme = "Dark"
		hmacKey = "secretkey" # for signing video urls