From c9d9dd06ed5480a8cc9e311775dfc7e168738ce5 Mon Sep 17 00:00:00 2001 From: redfast00 Date: Tue, 26 Nov 2024 18:45:20 +0100 Subject: [PATCH 1/3] Fix Dockerfile after migration to gitea --- Dockerfile | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 432f69a..e77c04a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,11 +3,6 @@ FROM python:3.12.4-slim AS compile WORKDIR / -ADD https://git.zeus.gent/Haldis/menus/archive/master.tar.gz . - -RUN mkdir menus && \ - tar --directory=menus --extract --strip-components=1 --file=master.tar.gz - RUN pip install poetry COPY pyproject.toml poetry.lock . @@ -16,7 +11,7 @@ RUN poetry export --without-hashes --format=requirements.txt > requirements.txt FROM python:3.12.4-slim AS build -RUN apt update -y && apt install -y build-essential curl +RUN apt update -y && apt install -y build-essential curl git RUN curl https://sh.rustup.rs -sSf | sh -s -- -y ENV PATH="/root/.cargo/bin:${PATH}" @@ -24,11 +19,13 @@ COPY --from=compile requirements.txt . RUN pip install -r requirements.txt +RUN git clone https://git.zeus.gent/Haldis/menus.git menus + FROM python:3.12.4-slim AS development WORKDIR /src -COPY --from=compile menus menus +COPY --from=build menus menus COPY --from=build /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages From 2daf3f499dc4d53435e80fa7b4a025b20faab11a Mon Sep 17 00:00:00 2001 From: redfast00 Date: Tue, 26 Nov 2024 18:46:27 +0100 Subject: [PATCH 2/3] Secure random instead of insecure changeme for SECRET_KEY --- app/config.docker.py | 2 +- app/config.example.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/config.docker.py b/app/config.docker.py index ff2f33d..13b8106 100644 --- a/app/config.docker.py +++ b/app/config.docker.py @@ -16,7 +16,7 @@ class Configuration: SQLALCHEMY_TRACK_MODIFICATIONS = False DEBUG = True HALDIS_ADMINS = [] - SECRET_KEY = "" + SECRET_KEY = os.urandom(32) SLACK_WEBHOOK = None LOGFILE = "haldis.log" SENTRY_DSN = None diff --git a/app/config.example.py b/app/config.example.py index b6f7f37..ca50167 100644 --- a/app/config.example.py +++ b/app/config.example.py @@ -1,6 +1,6 @@ """An example for a Haldis config""" -# import os +import os class Configuration: @@ -15,7 +15,7 @@ class Configuration: SQLALCHEMY_TRACK_MODIFICATIONS = False DEBUG = True HALDIS_ADMINS = [] - SECRET_KEY = "" + SECRET_KEY = os.urandom(32) # Change this to a fixed, random value SLACK_WEBHOOK = None LOGFILE = "haldis.log" SENTRY_DSN = None From fe8d4a79cabb52756dac8fffd2a62b48775270e7 Mon Sep 17 00:00:00 2001 From: redfast00 Date: Tue, 26 Nov 2024 18:46:56 +0100 Subject: [PATCH 3/3] Save session cookies for 3 months instead of during session --- app/app.py | 1 + app/auth/zeus.py | 1 + 2 files changed, 2 insertions(+) diff --git a/app/app.py b/app/app.py index 91d609b..9c0f37a 100755 --- a/app/app.py +++ b/app/app.py @@ -73,6 +73,7 @@ def register_plugins(app: Flask) -> Flask: app.config.update( SESSION_COOKIE_HTTPONLY=True, SESSION_COOKIE_SAMESITE="Lax", + PERMANENT_SESSION_LIFETIME=3*31*24*60*60, ) if not app.debug: diff --git a/app/auth/zeus.py b/app/auth/zeus.py index c793077..c0c99e3 100644 --- a/app/auth/zeus.py +++ b/app/auth/zeus.py @@ -78,6 +78,7 @@ def init_oauth(app): def login_and_redirect_user(user) -> Response: """Log in the user and then redirect them""" login_user(user) + session.permanent = True return redirect(url_for("general_bp.home"))