From 96aaca0461609dc6a1bb97d6f0bcf83d72a46b7e Mon Sep 17 00:00:00 2001
From: Ev Bogue <ev@evbogue.com>
Date: Mon, 9 Sep 2019 11:41:33 -0500
Subject: ecstatic should definitely not expose the server keypair!

---
 bog.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bog.js b/bog.js
index e0774f1..efefac3 100644
--- a/bog.js
+++ b/bog.js
@@ -5,6 +5,7 @@ if ((typeof process !== 'undefined') && (process.release.name === 'node')) {
   var nacl = require('tweetnacl')
       nacl.util = require('tweetnacl-util')
   var ed2curve = require('ed2curve')
+  var homedir = require('os').homedir();
 }
 
 // bog.open -- opens a signature and returns content if you pass a signature and a public key
@@ -41,7 +42,7 @@ function generatekey () {
 async function keys () {
   try {
     if (fs) {
-      var keypair = JSON.parse(fs.readFileSync(__dirname + '/keypair'))
+      var keypair = JSON.parse(fs.readFileSync(homedir + '/.bogbook/keypair'))
     } else {
       var keypair = await localforage.getItem('id')
       if (keypair === null) {
@@ -52,7 +53,10 @@ async function keys () {
   } catch (err) {
     var keypair = generatekey()
     if (fs) {
-      fs.writeFileSync(__dirname + '/keypair', JSON.stringify(keypair), 'UTF-8')
+      if (!fs.existsSync(homedir + '/.bogbook')){
+        fs.mkdirSync(homedir + '/.bogbook')
+      }
+      fs.writeFileSync(homedir + '/.bogbook/keypair', JSON.stringify(keypair), 'UTF-8')
     }
   }
   return keypair
-- 
cgit v1.2.3-70-g09d2