fix: persist fallback secret key for csrf stability

2026-04-21 21:25:36 +02:00
parent 6f5e704739
commit b9212d9c41
+16 -1
@@ -10,10 +10,25 @@ def _default_data_dir() -> Path:
return Path(os.getenv("SALDO_DATA_DIR", Path.cwd() / "instance")).resolve() return Path(os.getenv("SALDO_DATA_DIR", Path.cwd() / "instance")).resolve()
def _secret_key(data_dir: Path) -> str:
configured = os.getenv("SECRET_KEY")
if configured:
return configured
secret_file = data_dir / ".secret_key"
if secret_file.exists():
return secret_file.read_text(encoding="utf-8").strip()
data_dir.mkdir(parents=True, exist_ok=True)
generated = secrets.token_hex(32)
secret_file.write_text(generated, encoding="utf-8")
return generated
class Config: class Config:
APP_NAME = "Saldo" APP_NAME = "Saldo"
SECRET_KEY = os.getenv("SECRET_KEY") or secrets.token_hex(32)
DATA_DIR = _default_data_dir() DATA_DIR = _default_data_dir()
SECRET_KEY = _secret_key(DATA_DIR)
AVATAR_UPLOAD_DIR = DATA_DIR / "avatars" AVATAR_UPLOAD_DIR = DATA_DIR / "avatars"
SQLALCHEMY_DATABASE_URI = os.getenv( SQLALCHEMY_DATABASE_URI = os.getenv(
"DATABASE_URL", "DATABASE_URL",