From 6f624696ba5ead7de1b50dd0393a020b2940db38 Mon Sep 17 00:00:00 2001
From: Sylvain Chateau <git@sylvain-chateau.com>
Date: Mon, 9 Sep 2024 19:35:26 +0200
Subject: [PATCH] SECRET is mandatory and .env should not be inside container
 (#2)

---
 .dockerignore       | 1 +
 README.md           | 5 ++++-
 utils/init/index.js | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.dockerignore b/.dockerignore
index 49e5a7a..31b7fb5 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -7,6 +7,7 @@ data
 .dev
 .docker
 .dockerignore
+.env
 .git
 .gitignore
 .prettierignore
diff --git a/README.md b/README.md
index a8424c9..756dedd 100644
--- a/README.md
+++ b/README.md
@@ -33,9 +33,11 @@ docker pull pawelmalak/flame:2.0.0
 
 #### Deployment
 
+You have to generate a 64 random string
+
 ```sh
 # run container
-docker run -p 5005:5005 -v /path/to/data:/app/data -e PASSWORD=flame_password pawelmalak/flame
+docker run -p 5005:5005 -v /path/to/data:/app/data -e PASSWORD=flame_password SECRET=yourRandom64String pawelmalak/flame
 ```
 
 #### Building images
@@ -71,6 +73,7 @@ services:
     environment:
       - PASSWORD=flame_password
       - PASSWORD_FILE=/run/secrets/password # optional but required for (1)
+      - SECRET=yourRandom64String
     restart: unless-stopped
 
 # optional but required for Docker secrets (1)
diff --git a/utils/init/index.js b/utils/init/index.js
index 66c97cf..2975deb 100644
--- a/utils/init/index.js
+++ b/utils/init/index.js
@@ -4,6 +4,10 @@ const initDockerSecrets = require('./initDockerSecrets');
 const normalizeTheme = require('./normalizeTheme');
 
 const initApp = async () => {
+  if (!process.env.SECRET) {
+    console.error('ERROR: SECRET key is missing in environment variables');
+    process.exit(1);
+  }
   initDockerSecrets();
   await initFiles();
   await initConfig();