mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-09 20:52:56 +01:00

Add update secret in the .env file

Hillel Coren 2017-12-01 09:46:15 +02:00
parent e301ebfe0a
commit 39cf717472
2 changed files with 15 additions and 6 deletions


@ -269,6 +269,12 @@ class AppController extends BaseController
public function update()
{
if (! Utils::isNinjaProd()) {
if ($password = env('UPDATE_SECRET')) {
if (! hash_equals($password, request('secret') ?: '')) {
abort(400, 'Invalid secret: /update?secret=<value>');
}
}
try {
set_time_limit(60 * 5);
$this->checkInnoDB();
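Review bot: The secret check is skipped entirely when `UPDATE_SECRET` is not set (`if ($password = env('UPDATE_SECRET'))`), so `/update` stays unauthenticated by default; consider refusing to run the update without a configured secret, or at least logging a warning in that branch. The error text `/update?secret=<value>` also steers users to put the secret in the URL, where it ends up in web server access logs, browser history and proxy logs; accepting it from a POST body or a request header would avoid that. `abort(400, ...)` would read better as a 403, since the request is well-formed but not authorized. The use of `hash_equals` for the comparison is the right choice and should stay.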


@ -94,6 +94,15 @@ Follow these steps to add a custom driver.
.. NOTE:: Most drivers also require `code changes <https://github.com/invoiceninja/invoiceninja/tree/master/app/Ninja/PaymentDrivers>`_ to work correctly.
Security
""""""""
To require a password to update the app add ``UPDATE_SECRET=random_value`` to the .env file and then use /update?secret=random_value to update.
By default the app clears the session when the browser is closed and automatically logs the user out after 8 hours.
This can be modified by setting ``REMEMBER_ME_ENABLED`` and ``AUTO_LOGOUT_SECONDS`` in the .env file.
Google Map
""""""""""
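Review bot: The new Security text does not mention that the update route runs without any check when `UPDATE_SECRET` is absent, which is the case a reader of this section most needs to know about; add a sentence stating that the secret is optional and that the route is open without it. `random_value` also gives no guidance on strength, so it is worth saying the value should be long and randomly generated. The session paragraph moved in directly after the update sentence reads as part of the same topic; a blank line or a short lead-in between them would help.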
@ -128,12 +137,6 @@ If you need to set a list of trusted proxies you can add a TRUSTED_PROXIES value
TRUSTED_PROXIES='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
Stay logged in
""""""""""""""
By default the app clears the session when the browser is closed and automatically logs the user out after 8 hours.
This can be modified by setting ``REMEMBER_ME_ENABLED`` and ``AUTO_LOGOUT_SECONDS`` in the .env file.
Customizations
""""""""""""""
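Review bot: Dropping the "Stay logged in" heading in this hunk removes the only section title for the `REMEMBER_ME_ENABLED` and `AUTO_LOGOUT_SECONDS` settings, so existing links to that section and readers scanning the headings for session settings will no longer find them. If the text is to live under Security, consider keeping a short pointer here or mentioning session lifetime in the Security lead sentence.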