Persists secret_key between updates

2023-09-16 13:46:15 -04:00 · 2023-09-16 13:46:15 -04:00 · ef5336927d
commit ef5336927d
--- a/.dockerignore
+++ b/.dockerignore
@ -1 +1,2 @@
 **/.git
+.secret_key
--- a/.gitignore
+++ b/.gitignore
@ -102,4 +102,5 @@ package-lock.json

 # Debian builds
 dpkg/build
-dpkg/deb
+dpkg/deb
+.secret_key
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -33,6 +33,7 @@ services:
      - WO_BROKER
      - WO_DEV
      - WO_DEV_WATCH_PLUGINS
+      - WO_SECRET_KEY
    restart: unless-stopped
    oom_score_adj: 0
  broker:
@ -52,5 +53,6 @@ services:
    environment:
      - WO_BROKER
      - WO_DEBUG
+      - WO_SECRET_KEY
    restart: unless-stopped
    oom_score_adj: 250
--- a/webodm.sh
+++ b/webodm.sh
@ -335,13 +335,27 @@ run(){
 	eval "$1"
 }

+get_secret(){
+	if [ ! -e ./.secret_key ] && [ -e /dev/random ]; then
+		echo "Generating secret in ./.secret_key"
+		export WO_SECRET_KEY=$(head -c50 < /dev/random | base64)
+		echo $WO_SECRET_KEY > ./.secret_key
+	elif [ -e ./.secret_key ]; then
+		export WO_SECRET_KEY=$(cat ./.secret_key)
+	else
+		export WO_SECRET_KEY=""
+	fi
+}
+
 start(){
-    if [[ $dev_mode = true ]]; then
-	    echo "Starting WebODM in development mode..."
-        down
-    else
-        echo "Starting WebODM..."
-    fi
+	get_secret
+
+	if [[ $dev_mode = true ]]; then
+		echo "Starting WebODM in development mode..."
+		down
+	else
+		echo "Starting WebODM..."
+	fi
 	echo ""
 	echo "Using the following environment:"
 	echo "================================"
--- a/webodm/settings.py
+++ b/webodm/settings.py
@ -27,18 +27,21 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 try:
    from .secret_key import SECRET_KEY
 except ImportError:
-    # This will be executed the first time Django runs
-    # It generates a secret_key.py file that contains the SECRET_KEY
-    from django.utils.crypto import get_random_string
+    if os.environ.get("WO_SECRET_KEY", "") != "":
+        SECRET_KEY = os.environ.get("WO_SECRET_KEY")
+    else:
+        # This will be executed the first time Django runs
+        # It generates a secret_key.py file that contains the SECRET_KEY
+        from django.utils.crypto import get_random_string

-    current_dir = os.path.abspath(os.path.dirname(__file__))
-    chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
-    secret = get_random_string(50, chars)
-    with open(os.path.join(current_dir, 'secret_key.py'), 'w') as f:
-        f.write("SECRET_KEY='{}'".format(secret))
-    SECRET_KEY=secret
+        current_dir = os.path.abspath(os.path.dirname(__file__))
+        chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)'
+        secret = get_random_string(50, chars)
+        with open(os.path.join(current_dir, 'secret_key.py'), 'w') as f:
+            f.write("SECRET_KEY='{}'".format(secret))
+        SECRET_KEY=secret

-    print("Generated secret key")
+        print("Generated secret key")

 with open(os.path.join(BASE_DIR, 'package.json')) as package_file:
    data = json.load(package_file)