Merge pull request #1219 from rcludwick/secret_key

Fixes #1215. Allow secret key to come from file.
2024-08-30 18:33:04 +00:00 · 2021-01-14 21:11:30 +11:00 · 2021-01-14 21:11:30 +11:00 · af7af395f8
commit af7af395f8
parent 9efde9de29 3cfe358102
1 changed files with 37 additions and 20 deletions
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -11,17 +11,20 @@ database setup in this file.

 """

-import sys
-import os
 import logging
+import os
+import sys
 import tempfile
-import yaml
-
 from datetime import datetime

+import yaml
 from django.utils.translation import gettext_lazy as _


+def _is_true(x):
+    return x in [True, "True", "true", "Y", "y", "1"]
+
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

@ -36,11 +39,14 @@ with open(cfg_filename, 'r') as cfg:

 # Default action is to run the system in Debug mode
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = CONFIG.get('debug', True)
+DEBUG = _is_true(os.getenv("INVENTREE_DEBUG", CONFIG.get("debug", True)))

 # Configure logging settings
-
 log_level = CONFIG.get('log_level', 'DEBUG').upper()
+logging.basicConfig(
+    level=log_level,
+    format="%(asctime)s %(levelname)s %(message)s",
+)

 if log_level not in ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL']:
    log_level = 'WARNING'
@ -59,20 +65,31 @@ LOGGING = {
    },
 }

-logging.basicConfig(
-    level=log_level,
-    format='%(asctime)s %(levelname)s %(message)s',
-)
-
 # Get a logger instance for this setup file
 logger = logging.getLogger(__name__)

-# Read the autogenerated key-file
-key_file_name = os.path.join(BASE_DIR, 'secret_key.txt')
-logger.info(f'Loading SECRET_KEY from {key_file_name}')
-key_file = open(key_file_name, 'r')
-
-SECRET_KEY = key_file.read().strip()
+if os.getenv("INVENTREE_SECRET_KEY"):
+    # Secret key passed in directly
+    SECRET_KEY = os.getenv("INVENTREE_SECRET_KEY").strip()
+    logger.info("SECRET_KEY loaded by INVENTREE_SECRET_KEY")
+else:
+    # Secret key passed in by file location
+    key_file = os.getenv("INVENTREE_SECRET_KEY_FILE")
+    if key_file:
+        if os.path.isfile(key_file):
+            logger.info("SECRET_KEY loaded by INVENTREE_SECRET_KEY_FILE")
+        else:
+            logger.error(f"Secret key file {key_file} not found")
+            exit(-1)
+    else:
+        # default secret key location
+        key_file = os.path.join(BASE_DIR, "secret_key.txt")
+        logger.info(f"SECRET_KEY loaded from {key_file}")
+    try:
+        SECRET_KEY = open(key_file, "r").read().strip()
+    except Exception:
+        logger.exception(f"Couldn't load keyfile {key_file}")
+        sys.exit(-1)

 # List of allowed hosts (default = allow all)
 ALLOWED_HOSTS = CONFIG.get('allowed_hosts', ['*'])
@ -112,7 +129,7 @@ MEDIA_ROOT = os.path.abspath(CONFIG.get('media_root', os.path.join(BASE_DIR, 'me

 if DEBUG:
    logger.info("InvenTree running in DEBUG mode")
-    
+
 logger.info(f"MEDIA_ROOT: '{MEDIA_ROOT}'")
 logger.info(f"STATIC_ROOT: '{STATIC_ROOT}'")

@ -315,7 +332,7 @@ else:
    - However there may be reason to configure the DB via environmental variables
    - The following code lets the user "mix and match" database configuration
    """
-    
+
    logger.info("Configuring database backend:")

    # Extract database configuration from the config.yaml file
@ -341,7 +358,7 @@ else:

    # Check that required database configuration options are specified
    reqiured_keys = ['ENGINE', 'NAME']
-    
+
    for key in reqiured_keys:
        if key not in db_config:
            error_msg = f'Missing required database configuration value {key} in config.yaml'