Add cookie secret to DB

Allow users to reset cookie and api secret Add Crafty row to table on fresh install Change inserts to updates for crafty settings table.
2024-08-30 18:23:09 +00:00 · 2023-01-29 16:54:02 -05:00 · 2023-01-29 16:54:02 -05:00 · 2d9529ba0c
commit 2d9529ba0c
parent aa2ba4f8cf
7 changed files with 79 additions and 8 deletions
--- a/app/classes/controllers/management_controller.py
+++ b/app/classes/controllers/management_controller.py
@ -46,6 +46,14 @@ class ManagementController:
    def get_crafty_api_key():
        return HelpersManagement.get_secret_api_key()

+    @staticmethod
+    def set_cookie_secret(key):
+        HelpersManagement.set_cookie_secret(key)
+
+    @staticmethod
+    def add_crafty_row():
+        HelpersManagement.create_crafty_row()
+
    # **********************************************************************************
    #                                   Commands Methods
    # **********************************************************************************
--- a/app/classes/models/management.py
+++ b/app/classes/models/management.py
@ -43,6 +43,7 @@ class AuditLog(BaseModel):
 # **********************************************************************************
 class CraftySettings(BaseModel):
    secret_api_key = CharField(default="")
+    cookie_secret = CharField(default="")
    login_photo = CharField(default="login_1.jpg")
    login_opacity = IntegerField(default=100)

@ -204,9 +205,22 @@ class HelpersManagement:
            else:
                return

+    @staticmethod
+    def create_crafty_row():
+        CraftySettings.insert(
+            {
+                CraftySettings.secret_api_key: "",
+                CraftySettings.cookie_secret: "",
+                CraftySettings.login_photo: "login_1.jpg",
+                CraftySettings.login_opacity: 100,
+            }
+        ).execute()
+
    @staticmethod
    def set_secret_api_key(key):
-        CraftySettings.insert(secret_api_key=key).execute()
+        CraftySettings.update({CraftySettings.secret_api_key: key}).where(
+            CraftySettings.id == 1
+        ).execute()

    @staticmethod
    def get_secret_api_key():
@ -215,6 +229,19 @@ class HelpersManagement:
        )
        return settings[0].secret_api_key

+    @staticmethod
+    def get_cookie_secret():
+        settings = CraftySettings.select(CraftySettings.cookie_secret).where(
+            CraftySettings.id == 1
+        )
+        return settings[0].cookie_secret
+
+    @staticmethod
+    def set_cookie_secret(key):
+        CraftySettings.update({CraftySettings.cookie_secret: key}).where(
+            CraftySettings.id == 1
+        ).execute()
+
    # **********************************************************************************
    #                                  Config Methods
    # **********************************************************************************
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@ -403,8 +403,6 @@ class Helpers:
            "https_port": 8443,
            "language": "en_EN",
            "cookie_expire": 30,
-            "cookie_secret": "random",
-            "apikey_secret": "random",
            "show_errors": True,
            "history_max_age": 7,
            "stats_update_frequency": 30,
@ -418,6 +416,7 @@ class Helpers:
            "keywords": ["help", "chunk"],
            "allow_nsfw_profile_pictures": False,
            "enable_user_self_delete": False,
+            "reset_secrets_on_boot": False,
        }

    def get_all_settings(self):
--- a/app/classes/shared/main_models.py
+++ b/app/classes/shared/main_models.py
@ -8,9 +8,10 @@ logger = logging.getLogger(__name__)


 class DatabaseBuilder:
-    def __init__(self, database, helper, users_helper):
+    def __init__(self, database, helper, users_helper, management_helper):
        self.database = database
        self.helper = helper
+        self.management_helper = management_helper
        self.users_helper = users_helper

    def default_settings(self):
@ -29,6 +30,8 @@ class DatabaseBuilder:
            manager=None,
        )

+        self.management_helper.create_crafty_row()
+
    def is_fresh_install(self):
        try:
            num_user = self.users_helper.get_user_total()
--- a/app/classes/web/tornado_handler.py
+++ b/app/classes/web/tornado_handler.py
@ -11,6 +11,7 @@ import tornado.escape
 import tornado.locale
 import tornado.httpserver

+from app.classes.models.management import HelpersManagement
 from app.classes.shared.console import Console
 from app.classes.shared.helpers import Helpers
 from app.classes.shared.main_controller import Controller
@ -110,10 +111,13 @@ class Webserver:
        https_port = self.helper.get_setting("https_port")

        debug_errors = self.helper.get_setting("show_errors")
-        cookie_secret = self.helper.get_setting("cookie_secret")
-
-        if cookie_secret is False:
+        try:
+            cookie_secret = HelpersManagement.get_cookie_secret()
+        except:
+            cookie_secret = False
+        if cookie_secret is False or cookie_secret == "":
            cookie_secret = self.helper.random_string_generator(32)
+            HelpersManagement.set_cookie_secret(cookie_secret)

        if not http_port:
            http_port = 8000
--- a/app/migrations/20230129_secrets_shh.py
+++ b/app/migrations/20230129_secrets_shh.py
@ -0,0 +1,16 @@
+# Generated by database migrator
+import peewee
+
+
+def migrate(migrator, database, **kwargs):
+    migrator.add_columns("crafty_settings", cookie_secret=peewee.CharField(default=""))
+    """
+    Write your migrations here.
+    """
+
+
+def rollback(migrator, database, **kwargs):
+    migrator.drop_columns("crafty_settings", ["cookie_secret"])
+    """
+    Write your rollback migrations here.
+    """
--- a/main.py
+++ b/main.py
@ -14,6 +14,7 @@ from app.classes.shared.import3 import Import3
 from app.classes.shared.console import Console
 from app.classes.shared.helpers import Helpers
 from app.classes.models.users import HelperUsers
+from app.classes.models.management import HelpersManagement
 from app.classes.shared.import_helper import ImportHelpers

 console = Console()
@ -124,7 +125,8 @@ if __name__ == "__main__":

    # do our installer stuff
    user_helper = HelperUsers(database, helper)
-    installer = DatabaseBuilder(database, helper, user_helper)
+    management_helper = HelpersManagement(database, helper)
+    installer = DatabaseBuilder(database, helper, user_helper, management_helper)
    FRESH_INSTALL = installer.is_fresh_install()

    if FRESH_INSTALL:
@ -145,6 +147,18 @@ if __name__ == "__main__":
    Console.info("Checking for remote changes to config.json")
    controller.get_config_diff()
    Console.info("Remote change complete.")
+
+    Console.info("Checking for reset secret flag")
+    if helper.get_setting("reset_secrets_on_boot"):
+        Console.info("Found Reset")
+        controller.management.set_crafty_api_key(
+            str(helper.random_string_generator(64))
+        )
+        controller.management.set_cookie_secret(str(helper.random_string_generator(32)))
+        helper.set_setting("reset_secrets_on_boot", False)
+    else:
+        Console.info("No flag found. Secrets are staying")
+
    import3 = Import3(helper, controller)
    tasks_manager = TasksManager(helper, controller)
    tasks_manager.start_webserver()