Commit 030a3b3f authored by Pietro Albini's avatar Pietro Albini

Generate a random secret key at first startup

This commit generates a new secret key (used by Flask to sign cookies
and other stuff) the first time an instance is started within a data
directory. The key is not regenerated on subsequent startups, to avoid
invalidating stuff.
parent 2b8bb919
......@@ -20,12 +20,25 @@ import flask
from . import pages
from . import cache
from . import utils
def create_app(data_path):
"""Create a new instance of the application"""
app = flask.Flask(__name__, static_url_path="/+assets")
app.config["DATA_PATH"] = data_path
# Normalize the data path
data_path = os.path.expanduser(os.path.abspath(data_path))
app = flask.Flask(__name__,
static_url_path="/+assets",
instance_path=data_path,
)
# Prepare the data directory
init_data_directory(data_path)
# Load the secret key
with open(os.path.join(data_path, "secret_key")) as f:
app.secret_key = f.read().strip()
app.config["CACHE_PATH"] = os.path.join(data_path, "cache")
cache.install_cache(app)
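Review bot: The normalisation line `data_path = os.path.expanduser(os.path.abspath(data_path))` applies the two calls in the wrong order: `abspath` first turns `~/data` into `<cwd>/~/data`, after which `expanduser` has no leading `~` left to expand. Since this path now decides where `secret_key` is created and read, it should be `data_path = os.path.abspath(os.path.expanduser(data_path))`. It would also help to fail at startup when the read just below yields an empty string after `strip()`, for example `if not app.secret_key: raise RuntimeError("empty secret_key file")`, rather than leaving the app without a usable signing key. The body of create_app continues outside the hunk.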
......@@ -58,3 +71,9 @@ def init_data_directory(data_path):
if os.path.exists(dest):
os.remove(dest)
os.symlink(os.path.join(src_directory, src), dest)
# Generate the secret key if not present
secret_key_path = os.path.join(data_path, "secret_key")
if not os.path.exists(secret_key_path):
with open(secret_key_path, "w") as f:
f.write("%s\n" % utils.random_key(64))
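Review bot: The key file is created with a plain `open(secret_key_path, "w")`, so its mode comes from the process umask, and with a typical 022 umask the Flask signing key is readable by every local account. Create it owner-only and exclusively instead: `fd = os.open(secret_key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. `O_EXCL` also closes the gap between the `os.path.exists` check and the create when two processes start against the same data directory, though the process that loses the race then gets an error that needs handling. A comment such as `# The key signs session cookies: keep the file owner-readable only` would record why the mode matters. init_data_directory begins outside the hunk.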
......@@ -40,8 +40,6 @@ def run(data, gunicorn_config, port, public, workers, debug):
# Create the application instance
src_directory = os.path.dirname(os.path.abspath(__file__))
uitwww.init_data_directory(data)
app = uitwww.create_app(data)
app.wsgi_app = utils.ReverseProxied(app.wsgi_app)
......
# Source code of the Ubuntu-it website
# Copyright (C) 2015 Pietro Albini <pietroalbini@ubuntu.com>
# Copyright (C) 2015-2016 Pietro Albini <pietroalbini@ubuntu.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
......@@ -14,9 +14,24 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import random
import string
import gunicorn.app.base as baseapp
def random_key(length):
"""Generate a random key of a given length"""
rng = random.SystemRandom() # Use /dev/urandom
space = string.digits + string.ascii_letters + string.punctuation
result = ""
for _ in range(length):
result += rng.choice(space)
return result
class GunicornInstance(baseapp.BaseApplication):
"""A gunicorn instance which runs the app we want"""
......