From ed74d7bcb85223b37478553eb8d9be6e5b898d1e Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Mon, 17 May 2021 19:21:30 +0200
Subject: [PATCH] Read secret config file

---
 src/config.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/config.rs b/src/config.rs
index b70ed6f..0aae4d1 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -34,6 +34,11 @@ pub fn get_config(conf_args: Option<config::Config>) -> config::Config {
     };
     conf.merge(config::File::with_name(&config_file)).ok();
 
+    // Add config from same file with .secret appended, so that OAuth client secrets can be
+    // placed into a file only readable by root to force users to only ever use their user
+    // token acquired using PAM
+    conf.merge(config::File::with_name(&(config_file + ".secret"))).ok();
+
     // Override configuration from environment variables
     conf.merge(config::Environment::with_prefix(BASE_NAME.to_string().to_uppercase().as_str())).ok();
 
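Review bot: The added `conf.merge(...).ok()` on the `.secret` file discards every error, so a secret file that exists but fails to parse is skipped just like one that is absent or unreadable, and the process continues without the client secret and with no diagnostic. Not-found and permission-denied are the expected outcomes for unprivileged callers, but other failures should be surfaced, e.g. `if let Err(e) = conf.merge(config::File::with_name(&(config_file + ".secret"))) { /* report e unless the file is missing or unreadable */ }`. It is also worth confirming that `File::with_name` can determine a format for a name ending in `.secret`; if it infers the format from the extension, this file may never load. Nothing in the hunk checks the file's owner or mode, so the comment should state the required permissions (root-owned, not group- or world-readable) and mention that the environment merge just below still takes precedence over values from the secret file. `get_config` begins and ends outside this hunk.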
-- 
GitLab