create build-time random string for SECRET_KEY for prod

Dockerfile

@@ -20,6 +20,8 @@ RUN pip3 install --upgrade pillow --user
 EXPOSE 443
 EXPOSE 55432
 COPY . .
+RUN echo $RANDOM | md5sum | head -c 30 > /code/.sk
+RUN chmod 600 .sk
 RUN date > internal/build-date.txt
 RUN git log -n 15 > internal/git-log.txt
 RUN ln -s /code/TODO /code/internal/TODO

main.py

@@ -29,9 +29,16 @@ app = Flask(__name__)
 
 app.config['SQLALCHEMY_DATABASE_URI'] = DB_URL
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
-app.config['ENV'] = os.environ['ENV']
-app.config['SECRET_KEY'] = b'my_insecure_PA_token_with_random_2134876adsfjhlkasdf87'
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 31536000
+app.config['ENV'] = os.environ['ENV']
+# if in prod, Dockerfile will generate a random string and place it in /code/.sk
+try:
+    with open('/code/.sk') as f:
+        app.config['SECRET_KEY'] = f.read()
+except Exception:
+    app.config['SECRET_KEY'] = b'my_insecure_PA_token_with_random_2134876adsfjhlkasdf87'
+
+print(app.config['SECRET_KEY'])
 
 # ldap config vars: (the last one is required, or python ldap freaks out)
 app.config['LDAP_HOST'] = 'mara.ddp.net'
@@ -55,7 +62,7 @@ Compress(app)
 
 
 ################################# Now, import separated class files ###################################
-from ai import aistats
+from ai import ai_stats
 from files import Entry
 from person import Person
 from settings import Settings