Automatically generate a HTTP secret if none is provided

Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

docs/handlers/app.go

@@ -1,6 +1,7 @@
 package handlers
 
 import (
+	cryptorand "crypto/rand"
 	"expvar"
 	"fmt"
 	"math/rand"
@@ -30,6 +31,10 @@ import (
 	"golang.org/x/net/context"
 )
 
+// randomSecretSize is the number of random bytes to generate if no secret
+// was specified.
+const randomSecretSize = 32
+
 // App is a global registry application object. Shared resources can be placed
 // on this object that will be accessible from all requests. Any writable
 // fields should be protected.
@@ -102,6 +107,7 @@ func NewApp(ctx context.Context, configuration configuration.Configuration) *App
 		panic(err)
 	}
 
+	app.configureSecret(&configuration)
 	app.configureEvents(&configuration)
 	app.configureRedis(&configuration)
 	app.configureLogHook(&configuration)
@@ -337,6 +343,19 @@ func (app *App) configureLogHook(configuration *configuration.Configuration) {
 	}
 }
 
+// configureSecret creates a random secret if a secret wasn't included in the
+// configuration.
+func (app *App) configureSecret(configuration *configuration.Configuration) {
+	if configuration.HTTP.Secret == "" {
+		var secretBytes [randomSecretSize]byte
+		if _, err := cryptorand.Read(secretBytes[:]); err != nil {
+			panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
+		}
+		configuration.HTTP.Secret = string(secretBytes[:])
+		ctxu.GetLogger(app).Warn("No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable.")
+	}
+}
+
 func (app *App) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close() // ensure that request body is always closed.