Randomize flask secret_key

2020-05-04 19:02:03 +02:00 · 2020-05-04 19:02:03 +02:00 · fb16429867
parent 36a984ce3c
commit fb16429867
2 changed files with 21 additions and 3 deletions
--- a/cps/init.py
+++ b/cps/init.py
@ -88,7 +88,7 @@ def create_app():
    log.info('Starting Calibre Web...')
    Principal(app)
    lm.init_app(app)
-    app.secret_key = os.getenv('SECRET_KEY', 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT')
+    app.secret_key = os.getenv('SECRET_KEY', config_sql.get_flask_session_key(ub.session))

    web_server.init_app(app, config)
    db.setup_db(config)
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@ -22,7 +22,7 @@ import os
 import json
 import sys

-from sqlalchemy import exc, Column, String, Integer, SmallInteger, Boolean
+from sqlalchemy import exc, Column, String, Integer, SmallInteger, Boolean, BLOB
 from sqlalchemy.ext.declarative import declarative_base

 from . import constants, cli, logger, ub
@ -31,6 +31,15 @@ from . import constants, cli, logger, ub
 log = logger.create()
 _Base = declarative_base()

+class _Flask_Settings(_Base):
+    __tablename__ = 'flask_settings'
+
+    id = Column(Integer, primary_key=True)
+    flask_session_key = Column(BLOB, default="")
+
+    def __init__(self, key):
+        self.flask_session_key = key
+

 # Baseclass for representing settings in app.db with email server settings and Calibre database settings
 # (application settings)
@ -301,7 +310,7 @@ def _migrate_table(session, orm_class):
                log.debug("%s: %s", column_name, err.args[0])
                if column.default is not None:
                    if sys.version_info < (3, 0):
-                        if isinstance(column.default.arg,unicode):
+                        if isinstance(column.default.arg, unicode):
                            column.default.arg = column.default.arg.encode('utf-8')
                if column.default is None:
                    column_default = ""
@ -337,6 +346,7 @@ def _migrate_database(session):
    # make sure the table is created, if it does not exist
    _Base.metadata.create_all(session.bind)
    _migrate_table(session, _Settings)
+    _migrate_table(session, _Flask_Settings)


 def load_configuration(session):
@ -354,3 +364,11 @@ def load_configuration(session):
            update({"denied_tags": conf.config_mature_content_tags}, synchronize_session=False)
        session.commit()
    return conf
+
+def get_flask_session_key(session):
+    flask_settings = session.query(_Flask_Settings).one_or_none()
+    if flask_settings == None:
+        flask_settings = _Flask_Settings(os.urandom(32))
+        session.add(flask_settings)
+        session.commit()
+    return flask_settings.flask_session_key