feat: use secret_key config field instead of api_key

Fixes libretime#2426
jooola · Mar 15, 2023 · e231e74 · e231e74
1 parent 903a643
commit e231e74
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 1 deletion.
diff --git a/api/libretime_api/settings/prod.py b/api/libretime_api/settings/prod.py
@@ -1,4 +1,5 @@
 from os import getenv
+from warnings import warn
 
 # pylint: disable=unused-import
 from ._internal import (
@@ -24,7 +25,15 @@
 
 CONFIG = Config(LIBRETIME_CONFIG_FILEPATH)  # type: ignore[arg-type, misc]
 
-SECRET_KEY = CONFIG.general.api_key
+if CONFIG.general.secret_key is None:
+    warn(
+        "The [general.secret_key] configuration field is not set but will be required "
+        "in the next major release. Using [general.api_key] as fallback.",
+        FutureWarning,
+    )
+    SECRET_KEY = CONFIG.general.api_key
+else:
+    SECRET_KEY = CONFIG.general.secret_key
 
 ALLOWED_HOSTS = ["*"]
 

diff --git a/api/libretime_api/settings/testing.py b/api/libretime_api/settings/testing.py
@@ -5,6 +5,7 @@
 os.environ.setdefault("LIBRETIME_DEBUG", "true")
 os.environ.setdefault("LIBRETIME_GENERAL_PUBLIC_URL", "http://localhost")
 os.environ.setdefault("LIBRETIME_GENERAL_API_KEY", "testing")
+os.environ.setdefault("LIBRETIME_GENERAL_SECRET_KEY", "testing")
 os.environ.setdefault("LIBRETIME_STORAGE_PATH", str(fixture_path))
 
 # pylint: disable=wrong-import-position,unused-import

diff --git a/docker/config.dev.yml b/docker/config.dev.yml
@@ -1,6 +1,7 @@
 general:
   public_url: http://localhost:8080
   api_key: some_secret_api_key
+  secret_key: some_secret_key
 
 database:
   host: postgres

diff --git a/docker/config.yml b/docker/config.yml
@@ -7,6 +7,9 @@ general:
   # The internal API authentication key.
   # > this field is REQUIRED
   api_key:
+  # The Django API secret key. If not defined, the value of [general.api_key] will be
+  # used as fallback.
+  secret_key:
 
   # List of origins allowed to access resources on the server, the public url
   # origin is automatically included.

diff --git a/docker/example/config.yml b/docker/example/config.yml
@@ -7,6 +7,9 @@ general:
   # The internal API authentication key.
   # > this field is REQUIRED
   api_key: some_secret_api_key
+  # The Django API secret key. If not defined, the value of [general.api_key] will be
+  # used as fallback.
+  secret_key:
 
   # List of origins allowed to access resources on the server, the public url
   # origin is automatically included.

diff --git a/install b/install
@@ -452,6 +452,8 @@ if $is_first_install; then
   fi
   set_config "$(generate_random_password)" general api_key
 
+  set_config "$(generate_random_password)" general secret_key
+
   if [[ -n "$LIBRETIME_TIMEZONE" ]]; then
     set_config "$LIBRETIME_TIMEZONE"  general timezone
   fi

diff --git a/installer/config.yml b/installer/config.yml
@@ -7,6 +7,9 @@ general:
   # The internal API authentication key.
   # > this field is REQUIRED
   api_key:
+  # The Django API secret key. If not defined, the value of [general.api_key] will be
+  # used as fallback.
+  secret_key:
 
   # List of origins allowed to access resources on the server, the public url
   # origin is automatically included.

diff --git a/shared/libretime_shared/config/_models.py b/shared/libretime_shared/config/_models.py
@@ -44,6 +44,7 @@ def strip_leading_slash(cls: Any, value: Any) -> Any:
 class GeneralConfig(BaseModel):
     public_url: AnyHttpUrl
     api_key: str
+    secret_key: Optional[str] = None
 
     timezone: str = "UTC"