Generate the key used for session hashing individually for each server instance

2014-10-23 15:33:32 +02:00 · 2014-10-23 15:33:32 +02:00 · 118a4f7097
commit 118a4f7097
parent 7acb0657a7
2 changed files with 10 additions and 1 deletions
--- a/src/octoprint/server/init.py
+++ b/src/octoprint/server/init.py
@ -256,7 +256,15 @@ class Server():
 			settings().get(["server", "reverseProxy", "prefixScheme"])
 		)

-		app.secret_key = "k3PuVYgtxNm8DXKKTw2nWmFQQun9qceV"
+		secret_key = settings().get(["server", "secretKey"])
+		if not secret_key:
+			import string
+			from random import choice
+			chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
+			secret_key = "".join(choice(chars) for _ in xrange(32))
+			settings().set(["server", "secretKey"], secret_key)
+			settings().save()
+		app.secret_key = secret_key
 		loginManager = LoginManager()
 		loginManager.session_protection = "strong"
 		loginManager.user_callback = load_user
--- a/src/octoprint/settings.py
+++ b/src/octoprint/settings.py
@ -41,6 +41,7 @@ default_settings = {
 		"host": "0.0.0.0",
 		"port": 5000,
 		"firstRun": True,
+		"secretKey": None,
 		"reverseProxy": {
 			"prefixHeader": "X-Script-Name",
 			"schemeHeader": "X-Scheme",