user security best practice of having no default passwords.

cmd/converge/converge.go

@@ -6,10 +6,12 @@ import (
 	"converge/pkg/websocketutil"
 	"fmt"
 	"log"
+	"math/rand"
 	"net"
 	"net/http"
 	"os"
 	"regexp"
+	"strconv"
 	"strings"
 )
 
@@ -71,16 +73,23 @@ func main() {
 		printHelp("")
 	}
 
+	userPassword := comms.UserPassword{
+		Username: strconv.Itoa(rand.Int()),
+		Password: strconv.Itoa(rand.Int()),
+	}
+
 	username, ok := os.LookupEnv("CONVERGE_USERNAME")
-	if !ok {
+	if ok {
-		username = "abc"
+		userPassword.Username = username
 	}
 
 	password, ok := os.LookupEnv("CONVERGE_PASSWORD")
-	if !ok {
+	if ok {
-		password = "123"
+		userPassword.Password = password
 	}
 
+	log.Printf("Using username '%s' and password '%s'", userPassword.Username, userPassword.Password)
+
 	admin := converge.NewAdmin()
 	registrationService := websocketutil.WebSocketService{
 		Handler: func(w http.ResponseWriter, r *http.Request, conn net.Conn) {
@@ -91,7 +100,7 @@ func main() {
 			}
 			log.Printf("Got registration connection: '%s'\n", publicId)
 			err = admin.Register(publicId, conn,
-				comms.UserPassword{Username: username, Password: password})
+				userPassword)
 			if err != nil {
 				log.Printf("Error %v\n", err)
 			}