ability to customize the session secret and expiration

README.md

@@ -64,6 +64,10 @@ port=""
 key=""
 cert=""
 
+[session]
+secret=""
+duration=""
+
 [database]
 driver=""
 datasource=""

debian/drone/etc/drone/drone.toml

@@ -3,16 +3,18 @@
 port=":80"
 
 #####################################################################
-# SSL configuration for Drone. Provide you key and cert chain
-# to server Drone over https.
+# SSL configuration
 #
 # [server.ssl]
 # key=""
 # cert=""
 
+# [session]
+# secret=""
+# duration=""
 
 #####################################################################
-# Database configuration for Drone, by default using SQLite3.
+# Database configuration, by default using SQLite3.
 # You can also use postgres and mysql. See the documentation
 # for more details.
 

plugin/deploy/cloudfoundry/cloudfoundry.go

@@ -0,0 +1,51 @@
+package cloudfoundry
+
+import (
+	"fmt"
+	"github.com/drone/drone/plugin/condition"
+	"github.com/drone/drone/shared/build/buildfile"
+)
+
+type CloudFoundry struct {
+	Target   string `yaml:"target,omitempty"`
+	Username string `yaml:"username,omitempty"`
+	Password string `yaml:"password,omitempty"`
+	Org      string `yaml:"org,omitempty"`
+	Space    string `yaml:"space,omitempty"`
+
+	App string `yaml:"app,omitempty"`
+
+	Condition *condition.Condition `yaml:"when,omitempty"`
+}
+
+func (cf *CloudFoundry) Write(f *buildfile.Buildfile) {
+	downloadCmd := "curl -sLO http://go-cli.s3-website-us-east-1.amazonaws.com/releases/latest/cf-cli_amd64.deb"
+	installCmd := "dpkg -i cf-cli_amd64.deb 1> /dev/null 2> /dev/null"
+
+	// download and install the cf tool
+	f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", downloadCmd, downloadCmd))
+	f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", installCmd, installCmd))
+
+	// login
+	loginCmd := "cf login -a %s -u %s -p %s"
+
+	organization := cf.Org
+	if organization != "" {
+		loginCmd += fmt.Sprintf(" -o %s", organization)
+	}
+
+	space := cf.Space
+	if space != "" {
+		loginCmd += fmt.Sprintf(" -s %s", space)
+	}
+
+	f.WriteCmdSilent(fmt.Sprintf(loginCmd, cf.Target, cf.Username, cf.Password))
+
+	// push app
+	pushCmd := "cf push %s"
+	f.WriteCmd(fmt.Sprintf(pushCmd, cf.App))
+}
+
+func (cf *CloudFoundry) GetCondition() *condition.Condition {
+	return cf.Condition
+}

server/session/session.go

@@ -7,14 +7,21 @@ import (
 
 	"code.google.com/p/go.net/context"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/drone/config"
 	"github.com/drone/drone/server/datastore"
 	"github.com/drone/drone/shared/httputil"
 	"github.com/drone/drone/shared/model"
 	"github.com/gorilla/securecookie"
 )
 
-// secret key used to create jwt
-var secret = securecookie.GenerateRandomKey(32)
+// random key used to create jwt if none
+// provided in the configuration.
+var random = securecookie.GenerateRandomKey(32)
+
+var (
+	secret  = config.String("session-secret", string(random))
+	expires = config.Duration("session-expires", time.Hour*72)
+)
 
 // GetUser gets the currently authenticated user for the
 // http.Request. The user details will be stored as either
@@ -38,7 +45,7 @@ func GenerateToken(c context.Context, r *http.Request, user *model.User) (string
 	token.Claims["user_id"] = user.ID
 	token.Claims["audience"] = httputil.GetURL(r)
 	token.Claims["expires"] = time.Now().UTC().Add(time.Hour * 72).Unix()
-	return token.SignedString(secret)
+	return token.SignedString([]byte(*secret))
 }
 
 // getUserToken gets the currently authenticated user for the given
@@ -56,7 +63,7 @@ func getUserBearer(c context.Context, r *http.Request) *model.User {
 	fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr)
 
 	var token, err = jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) {
-		return secret, nil
+		return []byte(*secret), nil
 	})
 	if err != nil || !token.Valid {
 		println("invalid token")