Stop flood from starting or warn users if CONFIG.secret has not been changed
The README already tells users to create a long, unique secret during setup; however, this is not enforced by Flood. It is also not immediately obvious how grave the security implications are if this is not done.
## Expected Behavior
Flood should refuse to start or at least print a visible warning (maybe even in the UI) if the default secret has not been changed.
## Current Behavior
Flood starts and runs without any warnings.
## Possible Solution
Some ideas:
- refuse to start (I would recommend this)
- print a warning in the console (not very visible, some might ignore this)
- show a warning header in the user interface to logged in users (requires a lot of extra work)
- automatically create a random secret on the first start
## Context
I think it would be really important to implement something like this because the security implications of running Flood with the default secret are really bad, and this might not be obvious to many.
If you know the secret, you can sign a JWT token for yourself and get full access to the web interface; you don't even need to know the name of a valid user. In combination with issue #588, this means that if you don't change the secret, anyone can most likely take over your server and execute arbitrary code. It should really be ensured in code that this cannot happen. Many will only skim the README or simply forget to change the secret in their production configuration.
Resolved by 7abd10d3f77a8c728cc6cd75b1387b55d3db1812, 388c03762141d20af8693a342b8d31dd1ab11827 and ed98e210f41980a658e5a0b1966ba8ef9a7cc4c1.
You may close the issue if it is no longer relevant.