neocgit

a more 'modern' version of cgit
Log | Files | Refs | Submodules | README | LICENSE | git clone https://git.ne02ptzero.me/git/neocgit

commit 9dde6d38e9fc273fc62386eeda0da2e89a2cebfc
parent a2b6b3717567a5b57a19d19ed89af324296f39a9
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Fri, 17 Jan 2014 15:34:44 +0100

auth: document tweakables in lua script

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Diffstat:
Mfilters/simple-authentication.lua | 10++++++++++
1 file changed, 10 insertions(+), 0 deletions(-)

diff --git a/filters/simple-authentication.lua b/filters/simple-authentication.lua @@ -12,17 +12,27 @@ -- -- +-- A list of password protected repositories along with the users who can access them. local protected_repos = { glouglou = { laurent = true, jason = true }, qt = { jason = true, bob = true } } +-- Please note that, in production, you'll want to replace this simple lookup +-- table with either a table of salted and hashed passwords (using something +-- smart like scrypt), or replace this table lookup with an external support, +-- such as consulting your system's pam / shadow system, or an external +-- database, or an external validating web service. For testing, or for +-- extremely low-security usage, you may be able, however, to get away with +-- compromising on hardcoding the passwords in cleartext, as we have done here. local users = { jason = "secretpassword", laurent = "s3cr3t", bob = "ilikelua" } +-- All cookies will be authenticated based on this secret. Make it something +-- totally random and impossible to guess. It should be large. local secret = "BE SURE TO CUSTOMIZE THIS STRING TO SOMETHING BIG AND RANDOM"