->stash->{'mojo.secrets'} vs ->app->secrets


Ludwig Nussel

Feb 16, 2015, 8:18:43 AM
to mojol...@googlegroups.com
Hi,

Mojolicious/Controller.pm uses ->stash->{'mojo.secrets'}, whereas
Mojolicious/Plugin/DefaultHelpers.pm uses ->app->secrets to access the
secrets. stash->{'mojo.secrets'} is just a copy of what app->secrets
returned when the controller was built.
Would it be feasible to make access to secrets always through
app->secrets and avoid the copy in the controller?

I'm asking because I have the secrets in the database but need to
avoid the database access during startup().

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5; 90409 Nürnberg; Germany

sri

Feb 17, 2015, 4:47:30 PM
to mojol...@googlegroups.com
> Mojolicious/Controller.pm uses ->stash->{'mojo.secrets'},

To make sessions work across embedded applications.

> whereas
> Mojolicious/Plugin/DefaultHelpers.pm uses ->app->secrets to access the
> secrets.

There it is just used as entropy for generating a reasonably random CSRF token, so no need for a shared secret.

> Would it be feasible to make access to secrets always through
> app->secrets and avoid the copy in the controller?

I don't think so, but let me know if you find a way.

--
sebastian 