From d800c5e2809a50d939145eb2df0ed8f0825a5007 Mon Sep 17 00:00:00 2001 From: Jonas L Date: Wed, 22 Mar 2023 10:14:11 +0100 Subject: [PATCH] feat: use secret_key config field instead of api_key (#2444) Fixes #2426 --- api/libretime_api/settings/prod.py | 11 ++++++++++- api/libretime_api/settings/testing.py | 1 + docker/config.dev.yml | 1 + docker/config.yml | 4 ++++ docker/example/config.yml | 4 ++++ docs/admin-manual/setup/configuration.md | 3 +++ install | 2 ++ installer/config.yml | 4 ++++ legacy/application/configs/conf.php | 1 + shared/libretime_shared/config/_models.py | 1 + 10 files changed, 31 insertions(+), 1 deletion(-) diff --git a/api/libretime_api/settings/prod.py b/api/libretime_api/settings/prod.py index ab2e204eb..1a26fb374 100644 --- a/api/libretime_api/settings/prod.py +++ b/api/libretime_api/settings/prod.py @@ -1,4 +1,5 @@ from os import getenv +from warnings import warn # pylint: disable=unused-import from ._internal import ( @@ -24,7 +25,15 @@ LIBRETIME_CONFIG_FILEPATH = getenv("LIBRETIME_CONFIG_FILEPATH") CONFIG = Config(LIBRETIME_CONFIG_FILEPATH) # type: ignore[arg-type, misc] -SECRET_KEY = CONFIG.general.api_key +if CONFIG.general.secret_key is None: + warn( + "The [general.secret_key] configuration field is not set but will be required " + "in the next major release. Using [general.api_key] as fallback.", + FutureWarning, + ) + SECRET_KEY = CONFIG.general.api_key +else: + SECRET_KEY = CONFIG.general.secret_key ALLOWED_HOSTS = ["*"] diff --git a/api/libretime_api/settings/testing.py b/api/libretime_api/settings/testing.py index 755783594..94e4a7a97 100644 --- a/api/libretime_api/settings/testing.py +++ b/api/libretime_api/settings/testing.py 
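Review bot: The `CONFIG.general.secret_key is None` test in the second prod.py hunk lets an empty string through, and the model field `secret_key: Optional[str] = None` in `_models.py` accepts one too, so a config with `secret_key: ""` skips the fallback and hands Django an empty `SECRET_KEY`, which it refuses at startup. Testing truthiness instead, `if not CONFIG.general.secret_key:`, keeps the documented "not defined means fallback" behaviour for that case. While the fallback branch is active, the signing key is still the same value as the API authentication key, so the warning text could say that the two values should differ, not only that the field will become required. The upgrade notes should also mention that setting `secret_key` for the first time changes the signing key, so existing sessions and other signed values presumably stop validating.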
@@ -5,6 +5,7 @@ from .._fixtures import fixture_path os.environ.setdefault("LIBRETIME_DEBUG", "true") os.environ.setdefault("LIBRETIME_GENERAL_PUBLIC_URL", "http://localhost") os.environ.setdefault("LIBRETIME_GENERAL_API_KEY", "testing") +os.environ.setdefault("LIBRETIME_GENERAL_SECRET_KEY", "testing") os.environ.setdefault("LIBRETIME_STORAGE_PATH", str(fixture_path)) # pylint: disable=wrong-import-position,unused-import diff --git a/docker/config.dev.yml b/docker/config.dev.yml index 23ed3ec2b..03735ebc3 100644 --- a/docker/config.dev.yml +++ b/docker/config.dev.yml @@ -1,6 +1,7 @@ general: public_url: http://localhost:8080 api_key: some_secret_api_key + secret_key: some_secret_key database: host: postgres diff --git a/docker/config.yml b/docker/config.yml index 4c7c36ecb..524bc98ab 100644 --- a/docker/config.yml +++ b/docker/config.yml @@ -7,6 +7,10 @@ general: # The internal API authentication key. # > this field is REQUIRED api_key: + # The Django API secret key. If not defined, the value of [general.api_key] will be + # used as fallback. + # > this field will be REQUIRED starting with LibreTime 4.0.0 + secret_key: # List of origins allowed to access resources on the server, the public url # origin is automatically included. diff --git a/docker/example/config.yml b/docker/example/config.yml index 27469ede3..84044be67 100644 --- a/docker/example/config.yml +++ b/docker/example/config.yml @@ -7,6 +7,10 @@ general: # The internal API authentication key. # > this field is REQUIRED api_key: some_secret_api_key + # The Django API secret key. If not defined, the value of [general.api_key] will be + # used as fallback. + # > this field will be REQUIRED starting with LibreTime 4.0.0 + secret_key: # List of origins allowed to access resources on the server, the public url # origin is automatically included. diff --git a/docs/admin-manual/setup/configuration.md b/docs/admin-manual/setup/configuration.md index 0788a35a9..6b3030124 100644 
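Review bot: The comment added above `secret_key:` in docker/config.yml says what the field is but not how to fill it, and in docker/example/config.yml the field is left empty next to `api_key: some_secret_api_key`, so a deployment started from the example as-is falls back to that published placeholder as its signing key. A line such as `# > generate a long random value and keep it different from [general.api_key]` under the existing comment would cover it; the same comment block is added in installer/config.yml. The fixed `secret_key: some_secret_key` in docker/config.dev.yml is fine for development as long as that file is never used as a production template, which a one-line comment there could state.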
--- a/docs/admin-manual/setup/configuration.md +++ b/docs/admin-manual/setup/configuration.md @@ -42,6 +42,9 @@ general: # The internal API authentication key. # > this field is REQUIRED api_key: "some_random_generated_secret!" + # The Django API secret key. If not defined, the value of [general.api_key] will be + # used as fallback. + secret_key: "some_random_generated_secret!" # List of origins allowed to access resources on the server, # the [general.public_url] origin is automatically included. diff --git a/install b/install index a2cd3fbea..5163cf7c3 100755 --- a/install +++ b/install @@ -452,6 +452,8 @@ if $is_first_install; then fi set_config "$(generate_random_password)" general api_key + set_config "$(generate_random_password)" general secret_key + if [[ -n "$LIBRETIME_TIMEZONE" ]]; then set_config "$LIBRETIME_TIMEZONE" general timezone fi diff --git a/installer/config.yml b/installer/config.yml index 463548c08..21eb33904 100644 --- a/installer/config.yml +++ b/installer/config.yml @@ -7,6 +7,10 @@ general: # The internal API authentication key. # > this field is REQUIRED api_key: + # The Django API secret key. If not defined, the value of [general.api_key] will be + # used as fallback. + # > this field will be REQUIRED starting with LibreTime 4.0.0 + secret_key: # List of origins allowed to access resources on the server, the public url # origin is automatically included. diff --git a/legacy/application/configs/conf.php b/legacy/application/configs/conf.php index 0ce99ce0c..7630d6646 100644 --- a/legacy/application/configs/conf.php +++ b/legacy/application/configs/conf.php 
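Review bot: The new `set_config "$(generate_random_password)" general secret_key` line appears to sit inside the `if $is_first_install` block named in the hunk header, so an upgrade of an existing install never gets a `secret_key` and stays on the `api_key` fallback until the operator adds one by hand. If that is intended, a comment saying so would help, e.g. `# secret_key is only generated on first install; upgrades keep the api_key fallback`. `generate_random_password` is defined outside this hunk, so its output length is not visible here; Django's deployment check flags secret keys shorter than 50 characters, so the generated length is worth confirming against that.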
@@ -35,6 +35,7 @@ class Schema implements ConfigurationInterface ->arrayNode('general')->addDefaultsIfNotSet()->children() /**/->scalarNode('public_url')->cannotBeEmpty()->end() /**/->scalarNode('api_key')->cannotBeEmpty()->end() + /**/->scalarNode('secret_key')->end() /**/->arrayNode('allowed_cors_origins')->scalarPrototype()->defaultValue([])->end()->end() /**/->scalarNode('timezone')->cannotBeEmpty()->defaultValue("UTC") /* */->validate()->ifNotInArray(DateTimeZone::listIdentifiers()) diff --git a/shared/libretime_shared/config/_models.py b/shared/libretime_shared/config/_models.py index 799072157..6b3d2aff1 100644 --- a/shared/libretime_shared/config/_models.py +++ b/shared/libretime_shared/config/_models.py @@ -44,6 +44,7 @@ def no_leading_slash_validator(key: str) -> "AnyClassMethod": class GeneralConfig(BaseModel): public_url: AnyHttpUrl api_key: str + secret_key: Optional[str] = None timezone: str = "UTC"
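Review bot: `secret_key: Optional[str] = None` in GeneralConfig carries no comment, so a reader of the model cannot tell that `None` selects the `api_key` fallback in the API settings; a line such as `# None makes the API settings fall back to api_key; required from 4.0.0` above the field would record that. The hunk does not show the file's imports, so it assumes `Optional` is already imported in `_models.py`. The field also has no length constraint, so a very short value passes validation; a minimum length on the model would catch that when the config is loaded.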