ddp/books
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make Dockerfile add a random value and put it on filesystem to be picked up in main.py -> for app.config['SECRET_KEY]

Browse Source
This commit is contained in:
Damien De Paoli
2024-12-07 19:36:19 +11:00
parent 12e61cf2fc
commit a1b8b99b13
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -23,6 +23,8 @@ RUN apt-get update && \
RUN pip3 install --upgrade pip RUN pip3 install --upgrade pip
RUN pip3 install -U -r requirements.txt RUN pip3 install -U -r requirements.txt
RUN cat /dev/urandom | head -c 50 | md5sum | head -c 32 > /code/.sk
RUN chmod 600 .sk
EXPOSE 80 EXPOSE 80
# NOTE, wrapper.sh will use sudo to work in PROD and DEV AS the correct # NOTE, wrapper.sh will use sudo to work in PROD and DEV AS the correct
# BOOK_UID/BOOK_GID as pybook user and group # BOOK_UID/BOOK_GID as pybook user and group

8
main.py
View File

@@ -32,7 +32,13 @@ else:
app.config['SQLALCHEMY_DATABASE_URI'] = DB_URL app.config['SQLALCHEMY_DATABASE_URI'] = DB_URL
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config.from_mapping( SECRET_KEY=b'\xd6\x04\xbdj\xfe\xed$c\x1e@\xad\x0f\x13,@G')
# if in prod, Dockerfile will generate a random string and place it in /code/.sk
try:
with open('/code/.sk') as f:
app.config['SECRET_KEY'] = f.read()
except Exception:
app.config['SECRET_KEY'] = b'my_insecure_pybook_token_with_random_a897s987f98as7df9as87df9safd'
# ldap config vars: (the last one is required, or python ldap freaks out) # ldap config vars: (the last one is required, or python ldap freaks out)
app.config['LDAP_HOST'] = 'mara.ddp.net' app.config['LDAP_HOST'] = 'mara.ddp.net'