[core] Add fix secret as config option

2020-09-12 00:01:30 +02:00 · 2020-09-12 00:01:30 +02:00 · b46c605623
parent 7b8d17b77b
commit b46c605623
2 changed files with 4 additions and 2 deletions
--- a/kibicara/config.py
+++ b/kibicara/config.py
@ -18,6 +18,8 @@ Example:
 """

 from argparse import ArgumentParser
+from nacl.secret import SecretBox
+from nacl.utils import random
 from pytoml import load
 from sys import argv

@ -25,6 +27,7 @@ from sys import argv
 config = {
    'database_connection': 'sqlite:////tmp/kibicara.sqlite',
    'frontend_url': 'http://127.0.0.1:4200',  # url of frontend, change in prod
+    'secret': random(SecretBox.KEY_SIZE).hex(),  # generate with: openssl rand -hex 32
    # production params
    'frontend_path': None,  # required, path to frontend html/css/js files
    'production': True,
--- a/kibicara/webapi/admin.py
+++ b/kibicara/webapi/admin.py
@ -15,7 +15,6 @@ from logging import getLogger
 from nacl.encoding import URLSafeBase64Encoder
 from nacl.exceptions import CryptoError
 from nacl.secret import SecretBox
-from nacl.utils import random
 from passlib.hash import argon2
 from ormantic.exceptions import NoMatch
 from pickle import dumps, loads
@ -38,7 +37,7 @@ class BodyAccessToken(BaseModel):


 oauth2_scheme = OAuth2PasswordBearer(tokenUrl='/api/admin/login')
-secret_box = SecretBox(random(SecretBox.KEY_SIZE))
+secret_box = SecretBox(bytes.fromhex(config['secret']))


 def to_token(**kwargs):