diff --git a/app/__init__.py b/app/__init__.py index cf75a06..5afd75c 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -81,6 +81,11 @@ def create_app( app.extensions["connections"] = connections app.extensions["replication"] = replication + @app.after_request + def set_server_header(response): + response.headers["Server"] = "MyFSIO" + return response + @app.errorhandler(500) def internal_error(error): return render_template('500.html'), 500 diff --git a/app/config.py b/app/config.py index 282b3a9..2033cbd 100644 --- a/app/config.py +++ b/app/config.py @@ -78,11 +78,25 @@ class AppConfig: multipart_min_part_size = int(_get("MULTIPART_MIN_PART_SIZE", 5 * 1024 * 1024)) default_secret = "dev-secret-key" secret_key = str(_get("SECRET_KEY", default_secret)) + + # If using default/missing secret, try to load/persist a generated one from disk + # This ensures consistency across Gunicorn workers if not secret_key or secret_key == default_secret: - generated = secrets.token_urlsafe(32) - if secret_key == default_secret: - warnings.warn("Using insecure default SECRET_KEY. A random value has been generated; set SECRET_KEY for production", RuntimeWarning) - secret_key = generated + secret_file = storage_root / ".myfsio.sys" / "config" / ".secret" + if secret_file.exists(): + secret_key = secret_file.read_text().strip() + else: + generated = secrets.token_urlsafe(32) + if secret_key == default_secret: + warnings.warn("Using insecure default SECRET_KEY. A random value has been generated and persisted; set SECRET_KEY for production", RuntimeWarning) + try: + secret_file.parent.mkdir(parents=True, exist_ok=True) + secret_file.write_text(generated) + secret_key = generated + except OSError: + # Fallback if we can't write to disk (e.g. read-only fs) + secret_key = generated + iam_env_override = "IAM_CONFIG" in overrides or "IAM_CONFIG" in os.environ bucket_policy_override = "BUCKET_POLICY_PATH" in overrides or "BUCKET_POLICY_PATH" in os.environ