Secure control panel access with a session UID displayed in startup logs only

24c6e5f7 · FranÃ§ois Sarradin · François Sarradin · b530e910 · 24c6e5f7 · 24c6e5f7
Commit 24c6e5f7 authored 7 years ago by FranÃ§ois Sarradin Committed by François Sarradin 7 years ago
--- a/lib/extreme_startup/web_server.rb
+++ b/lib/extreme_startup/web_server.rb
@@ -14,6 +14,7 @@ Thread.abort_on_exception = true
 module ExtremeStartup

  class WebServer < Sinatra::Base
+    attr_reader :session_uid

    set :port, 3000
    set :static, true
@@ -24,6 +25,7 @@ module ExtremeStartup
    set :question_factory, ENV['WARMUP'] ? WarmupQuestionFactory.new : QuestionFactory.new
    set :game_state, GameState.new
    set :reload_templates, true
+    set :session_uid, UUID.new.generate.to_s[0..7]

    get '/' do
      haml :leaderboard, :locals => {
@@ -74,7 +76,7 @@ module ExtremeStartup
      haml :scores
    end

-    get '/controlpanel' do
+    get '/controlpanel_' + session_uid do
      haml :controlpanel, :locals => {
        :game_state => game_state,
        :round => question_factory.round.to_s

--- a/web_server.rb
+++ b/web_server.rb
 require 'rubygems'

 require_relative 'lib/extreme_startup/web_server'
+
+puts "Start XStartup WebServer"
+puts "Port : #{ExtremeStartup::WebServer.port}"
+puts "Session UID: #{ExtremeStartup::WebServer.session_uid}"
+STDOUT.flush
+
 ExtremeStartup::WebServer.run!