mikejsavage / flea

A lightweight Lua web framework
ISC License
21 stars 2 forks source link

flea.config #8

Open abyxcos opened 8 years ago

abyxcos commented 8 years ago

This is a multi-part bug.

1.) Flea could really use a flea.conf.sample. Right now, flea.conf is required, but none of the components use it. If I understand the code right, it just inserts tables into flea.config? 2.) secret.lua requires config.secret_path. This is already set by flea.lua, but inside the flea.config namespace, so it can't be accessed by secret.lua. 3.) I'm using mayhemwiki as the reference application. This just sets config directly in the main file, and never uses flea.config, mostly bypassing this issue. It still requires a touch flea.conf to start though.

I think flea.lua should only source flea.conf if it exists, else just dump defaults into flea.config. I'm not sure the appropriate way for secret.lua to access flea.config though.

mikejsavage commented 8 years ago

flea.conf is something I never got around to finishing. touch flea.conf or just remove the code that uses it for now

The only thing it's used for is pointing at secret.bin, which is only used for encrypting cookies. Having to persist the key is actually quite a big bump in complexity (where do we store it - secret.bin or environment variables? if it's in the environment, how do I make it not annoying in a dev environment? what happens if people forget to set it? what if people git add secret.bin? etc) for a feature of questionable usefulness.

abyxcos commented 8 years ago

So, I like the idea of flea.conf. It's a simple way to pull out some application and site configuration. I would probably prefer a yaml syntax, but that's just a require "lyaml" away, so no reason to complicate the default config code.

As for secret.bin management, I just ended up dropping that in my database directory. In mayhemwiki, you have both of those in root, but this organization structure accidentally manages to avoid the git leaks (as you most likely don't want your users database on git either, so that whole directory can/should be backed up separately.)

For actual application flow, I think I would try and read flea.conf, then fall back on the defaults in flea.lua (or the user override to flea.config) to try db/secret.bin. If neither of those exists, I think it's then safe to just print an error and exit (current behavior.)