Security by obscurity #165
Description
Leave the admin functionality disabled when oauth not provided, but enable an obfuscated route that enables admin in the session and redirects to /
Something like this code snippet:
unless ( $self->config->{oauth} ) {
my $obfuscated = $self->config->{obfuscated} || $self->random();
$self->log->info("Obfuscated admin route is $obfuscated");
$r->get("/$obfuscated")->to(cb=>sub{shift->redirect_to('/')});
}
sub random {
my $self = shift;
my $file = $self->home->rel_file('.obfuscated');
return slurp $file if -e $file;
my $random = md5(rand());
spurt $file, $random;
return $random;
}