removing anything that remotely looks like a secret in code to set a good example

This commit is contained in:
Hossein Shafagh 2020-09-18 17:38:52 -07:00
parent 531e5c0d00
commit c892cd5ae1
2 changed files with 34 additions and 7 deletions

View File

@ -1,4 +1,7 @@
import os import os
import random
import string
import base64
from ast import literal_eval from ast import literal_eval
_basedir = os.path.abspath(os.path.dirname(__file__)) _basedir = os.path.abspath(os.path.dirname(__file__))
@ -6,10 +9,20 @@ _basedir = os.path.abspath(os.path.dirname(__file__))
CORS = os.environ.get("CORS") == "True" CORS = os.environ.get("CORS") == "True"
debug = os.environ.get("DEBUG") == "True" debug = os.environ.get("DEBUG") == "True"
SECRET_KEY = repr(os.environ.get('SECRET_KEY','Hrs8kCDNPuT9vtshsSWzlrYW+d+PrAXvg/HwbRE6M3vzSJTTrA/ZEw=='))
LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET','YVKT6nNHnWRWk28Lra1OPxMvHTqg1ZXvAcO7bkVNSbrEuDQPABM0VQ==')) def get_random_secret(length):
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS','Ls-qg9j3EMFHyGB_NL0GcQLI6622n9pSyGM_Pu0GdCo=')) secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
base64.b64encode(get_random_secret(32).encode('utf8'))))
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
base64.b64encode(get_random_secret(32).encode('utf8'))))
LEMUR_WHITELISTED_DOMAINS = [] LEMUR_WHITELISTED_DOMAINS = []

View File

@ -1,9 +1,21 @@
# This is just Python which means you can inherit and tweak settings # This is just Python which means you can inherit and tweak settings
import os import os
import random
import string
import base64
_basedir = os.path.abspath(os.path.dirname(__file__)) _basedir = os.path.abspath(os.path.dirname(__file__))
# generate random secrets for unittest
def get_random_secret(length):
secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(length/4))
secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(length/4))
secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(length/4))
return secret_key + ''.join(random.choice(string.digits) for x in range(length/4))
THREADS_PER_PAGE = 8 THREADS_PER_PAGE = 8
# General # General
@ -14,12 +26,14 @@ debug = False
TESTING = True TESTING = True
# this is the secret key used by flask session management # this is the secret key used by flask session management (utf8 encoded)
SECRET_KEY = "I/dVhOZNSMZMqrFJa5tWli6VQccOGudKerq3eWPMSzQNmHHVhMAQfQ==" SECRET_KEY = get_random_secret(length=32).encode('utf8')
# You should consider storing these separately from your config
# You should consider storing these separately from your config (should be URL-safe)
LEMUR_TOKEN_SECRET = "test" LEMUR_TOKEN_SECRET = "test"
LEMUR_ENCRYPTION_KEYS = "o61sBLNBSGtAckngtNrfVNd8xy8Hp9LBGDstTbMbqCY=" LEMUR_ENCRYPTION_KEYS = base64.urlsafe_b64encode(get_random_secret(length=32).encode('utf8'))
# List of domain regular expressions that non-admin users can issue # List of domain regular expressions that non-admin users can issue
LEMUR_WHITELISTED_DOMAINS = [ LEMUR_WHITELISTED_DOMAINS = [