Commit 030a3b3f authored by Pietro Albini's avatar Pietro Albini

Generate a random secret key at first startup

This commit generates a new secret key (used by Flask to sign cookies
and other stuff) the first time an instance is started within a data
directory. The key is not regenerated the next startups, to avoid
invalidating stuff.
parent 2b8bb919
...@@ -20,12 +20,25 @@ import flask ...@@ -20,12 +20,25 @@ import flask
from . import pages from . import pages
from . import cache from . import cache
from . import utils
def create_app(data_path): def create_app(data_path):
"""Create a new instance of the application""" """Create a new instance of the application"""
app = flask.Flask(__name__, static_url_path="/+assets") # Normalize the data path
app.config["DATA_PATH"] = data_path data_path = os.path.expanduser(os.path.abspath(data_path))
app = flask.Flask(__name__,
static_url_path="/+assets",
instance_path=data_path,
)
# Prepare the data directory
init_data_directory(data_path)
# Load the secret key
with open(os.path.join(data_path, "secret_key")) as f:
app.secret_key = f.read().strip()
app.config["CACHE_PATH"] = os.path.join(data_path, "cache") app.config["CACHE_PATH"] = os.path.join(data_path, "cache")
cache.install_cache(app) cache.install_cache(app)
...@@ -58,3 +71,9 @@ def init_data_directory(data_path): ...@@ -58,3 +71,9 @@ def init_data_directory(data_path):
if os.path.exists(dest): if os.path.exists(dest):
os.remove(dest) os.remove(dest)
os.symlink(os.path.join(src_directory, src), dest) os.symlink(os.path.join(src_directory, src), dest)
# Generate the secret key if not present
secret_key_path = os.path.join(data_path, "secret_key")
if not os.path.exists(secret_key_path):
with open(secret_key_path, "w") as f:
f.write("%s\n" % utils.random_key(64))
...@@ -40,8 +40,6 @@ def run(data, gunicorn_config, port, public, workers, debug): ...@@ -40,8 +40,6 @@ def run(data, gunicorn_config, port, public, workers, debug):
# Create the application instance # Create the application instance
src_directory = os.path.dirname(os.path.abspath(__file__)) src_directory = os.path.dirname(os.path.abspath(__file__))
uitwww.init_data_directory(data)
app = uitwww.create_app(data) app = uitwww.create_app(data)
app.wsgi_app = utils.ReverseProxied(app.wsgi_app) app.wsgi_app = utils.ReverseProxied(app.wsgi_app)
......
# Source code of the Ubuntu-it website # Source code of the Ubuntu-it website
# Copyright (C) 2015 Pietro Albini <pietroalbini@ubuntu.com> # Copyright (C) 2015-2016 Pietro Albini <pietroalbini@ubuntu.com>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published # it under the terms of the GNU Affero General Public License as published
...@@ -14,9 +14,24 @@ ...@@ -14,9 +14,24 @@
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import random
import string
import gunicorn.app.base as baseapp import gunicorn.app.base as baseapp
def random_key(length):
"""Generate a random key of a given length"""
rng = random.SystemRandom() # Use /dev/urandom
space = string.digits + string.ascii_letters + string.punctuation
result = ""
for _ in range(length):
result += rng.choice(space)
return result
class GunicornInstance(baseapp.BaseApplication): class GunicornInstance(baseapp.BaseApplication):
"""A gunicorn instance which runs the app we want""" """A gunicorn instance which runs the app we want"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment