From c938f225e91fc99636dc2bc261677a5f31bbdb7d Mon Sep 17 00:00:00 2001 From: spl0k Date: Sun, 7 Apr 2019 16:35:26 +0200 Subject: [PATCH] Store cookie key in db rather than cache --- supysonic/utils.py | 23 +++++++++++++++++++++++ supysonic/web.py | 13 +++---------- 2 files changed, 26 insertions(+), 10 deletions(-) create mode 100644 supysonic/utils.py diff --git a/supysonic/utils.py b/supysonic/utils.py new file mode 100644 index 0000000..01b8f28 --- /dev/null +++ b/supysonic/utils.py @@ -0,0 +1,23 @@ +# coding: utf-8 +# +# This file is part of Supysonic. +# Supysonic is a Python implementation of the Subsonic server API. +# +# Copyright (C) 2019 Alban 'spl0k' FĂ©ron +# +# Distributed under terms of the GNU AGPLv3 license. + +from base64 import b64encode, b64decode +from os import urandom +from pony.orm import db_session, ObjectNotFound + +from supysonic.db import Meta + +@db_session +def get_secret_key(keyname): + try: + key = b64decode(Meta[keyname].value) + except ObjectNotFound: + key = urandom(128) + Meta(key = keyname, value = b64encode(key).decode()) + return key diff --git a/supysonic/web.py b/supysonic/web.py index 9120504..e773c99 100644 --- a/supysonic/web.py +++ b/supysonic/web.py @@ -14,12 +14,13 @@ import logging import mimetypes from flask import Flask -from os import makedirs, path, urandom +from os import makedirs, path from pony.orm import db_session from .config import IniConfig from .cache import Cache from .db import init_database +from .utils import get_secret_key logger = logging.getLogger(__package__) 
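Review bot: The value read back from `Meta[keyname]` in `get_secret_key` becomes the signing key with no check, so an empty or truncated row would decode to a short key and be used as it is. A length check after the decode, for example `if len(key) < 32: raise ValueError('stored secret key is too short')`, would fail closed. Because the key now lives in the database, anyone who can read the `Meta` table or a database dump can forge session cookies. A docstring should say so, along the lines of `"""Return the secret stored under keyname in Meta, creating a random 128-byte one on first use."""`. Two processes starting against an empty table can presumably both reach the `except ObjectNotFound` branch, and the second insert would then fail at commit if `key` is the primary key; nothing here handles that case.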
@@ -69,15 +70,7 @@ def create_application(config = None): makedirs(cache_path) # pragma: nocover # Read or create secret key - secret_path = path.join(cache_path, 'secret') - if path.exists(secret_path): - with io.open(secret_path, 'rb') as f: - app.secret_key = f.read() - else: - secret = urandom(128) - with io.open(secret_path, 'wb') as f: - f.write(secret) - app.secret_key = secret + app.secret_key = get_secret_key('cookies_secret') # Import app sections if app.config['WEBAPP']['mount_webui']:
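Review bot: Nothing in this hunk deals with the `secret` file that earlier versions wrote under `cache_path`. After an upgrade a fresh key is generated in the database, existing sessions stop validating, and the old key material stays on disk. If that is intended, a comment on the new line would make it explicit, e.g. `# Key now lives in the Meta table; the old secret file in cache_path is no longer read`, and the upgrade notes could tell operators to delete that file. `get_secret_key('cookies_secret')` also needs the database to be bound and the `Meta` table to exist at this point. `create_application` starts and ends outside the hunk, so these lines do not show whether `init_database` has already run.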