diff --git a/api/libretime_api/settings/prod.py b/api/libretime_api/settings/prod.py
index ab2e204eb5..1a26fb3747 100644
--- a/api/libretime_api/settings/prod.py
+++ b/api/libretime_api/settings/prod.py
@@ -1,4 +1,5 @@
 from os import getenv
+from warnings import warn
 # pylint: disable=unused-import
 from ._internal import (
@@ -24,7 +25,15 @@
 CONFIG = Config(LIBRETIME_CONFIG_FILEPATH) # type: ignore[arg-type, misc]
-SECRET_KEY = CONFIG.general.api_key
+if CONFIG.general.secret_key is None:
+ warn(
+ "The [general.secret_key] configuration field is not set but will be required "
+ "in the next major release. Using [general.api_key] as fallback.",
+ FutureWarning,
+ )
+ SECRET_KEY = CONFIG.general.api_key
+else:
+ SECRET_KEY = CONFIG.general.secret_key
 ALLOWED_HOSTS = ["*"]
diff --git a/api/libretime_api/settings/testing.py b/api/libretime_api/settings/testing.py
index 755783594b..94e4a7a971 100644
--- a/api/libretime_api/settings/testing.py
+++ b/api/libretime_api/settings/testing.py
@@ -5,6 +5,7 @@
 os.environ.setdefault("LIBRETIME_DEBUG", "true")
 os.environ.setdefault("LIBRETIME_GENERAL_PUBLIC_URL", "http://localhost")
 os.environ.setdefault("LIBRETIME_GENERAL_API_KEY", "testing")
+os.environ.setdefault("LIBRETIME_GENERAL_SECRET_KEY", "testing")
 os.environ.setdefault("LIBRETIME_STORAGE_PATH", str(fixture_path))
 # pylint: disable=wrong-import-position,unused-import
diff --git a/docker/config.dev.yml b/docker/config.dev.yml
index 23ed3ec2b7..03735ebc3b 100644
--- a/docker/config.dev.yml
+++ b/docker/config.dev.yml
@@ -1,6 +1,7 @@
 general:
 public_url: http://localhost:8080
 api_key: some_secret_api_key
+ secret_key: some_secret_key
 database:
 host: postgres
diff --git a/docker/config.yml b/docker/config.yml
index 4c7c36ecbd..7465290651 100644
--- a/docker/config.yml
+++ b/docker/config.yml
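Review bot: The `CONFIG.general.secret_key is None` test in the second prod.py hunk treats only a missing field as unset, so an empty string reaches the `else` branch and is assigned to SECRET_KEY as-is; whether the loader can produce one (for example from `secret_key: ""` or an empty environment override) is not visible here, and the `Optional[str]` field added in _models.py does not rule it out. `if not CONFIG.general.secret_key:` would route that case to the documented fallback and its warning. The fallback branch also deserves a comment such as `# Deprecated: api_key is also the API authentication credential, so reusing it as SECRET_KEY ties Django's signing key to a value that API clients present`.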
@@ -7,6 +7,9 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key:
+ # The Django API secret key. If not defined, the value of [general.api_key] will be
+ # used as fallback.
+ secret_key:
 # List of origins allowed to access resources on the server, the public url
 # origin is automatically included.
diff --git a/docker/example/config.yml b/docker/example/config.yml
index 27469ede33..e0b7e02339 100644
--- a/docker/example/config.yml
+++ b/docker/example/config.yml
@@ -7,6 +7,9 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key: some_secret_api_key
+ # The Django API secret key. If not defined, the value of [general.api_key] will be
+ # used as fallback.
+ secret_key:
 # List of origins allowed to access resources on the server, the public url
 # origin is automatically included.
diff --git a/install b/install
index a2cd3fbeaf..5163cf7c38 100755
--- a/install
+++ b/install
@@ -452,6 +452,8 @@ if $is_first_install; then
 fi
 set_config "$(generate_random_password)" general api_key
+ set_config "$(generate_random_password)" general secret_key
+
 if [[ -n "$LIBRETIME_TIMEZONE" ]]; then
 set_config "$LIBRETIME_TIMEZONE" general timezone
 fi
diff --git a/installer/config.yml b/installer/config.yml
index 463548c085..2cf2f6b691 100644
--- a/installer/config.yml
+++ b/installer/config.yml
@@ -7,6 +7,9 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key:
+ # The Django API secret key. If not defined, the value of [general.api_key] will be
+ # used as fallback.
+ secret_key:
 # List of origins allowed to access resources on the server, the public url
 # origin is automatically included.
diff --git a/shared/libretime_shared/config/_models.py b/shared/libretime_shared/config/_models.py
index 799072157c..6b3d2aff15 100644
--- a/shared/libretime_shared/config/_models.py
+++ b/shared/libretime_shared/config/_models.py
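Review bot: The comment added above `secret_key:` in docker/config.yml says what the fallback is, but not how the value should be chosen or that the fallback is going away; the same two comment lines are added in docker/example/config.yml and installer/config.yml. prod.py in this commit warns that the field will be required in the next major release, so the sample configs should say so too, for instance `# Use a long random value, different from api_key, and keep it private.` and `# > this field will be REQUIRED in the next major release`. If changing the value on a running install invalidates existing sessions or other signed data, a line noting that would help operators plan the change.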
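Review bot: The added `set_config "$(generate_random_password)" general secret_key` line appears to sit inside the `if $is_first_install; then` block named in the hunk header, so an upgrade of an existing install would not get a generated secret_key and would stay on the api_key fallback until the config is edited by hand. If that is intended, a comment above the line would make it explicit, e.g. `# secret_key is only generated on first install; existing installs must set it manually`. The `if` block starts and ends outside the hunk, and `generate_random_password` is defined elsewhere, so its output length and randomness source could not be checked here against what a signing key needs.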
@@ -44,6 +44,7 @@ def strip_leading_slash(cls: Any, value: Any) -> Any:
 class GeneralConfig(BaseModel):
 public_url: AnyHttpUrl
 api_key: str
+ secret_key: Optional[str] = None
 timezone: str = "UTC"
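Review bot: The new `secret_key: Optional[str] = None` field has no comment explaining that `None` is a transitional state rather than a valid long-term setting; the only place that says so is the warning in settings/prod.py. A comment on the field would carry that to anyone reading the model, e.g. `# Django SECRET_KEY. None makes the API settings fall back to api_key (deprecated); use a random value distinct from api_key.` `Optional` has to be imported in this module, and the import block is outside the hunk. The class body continues past the last visible line.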