kqjy/MyFSIO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 13 Wiki Activity

Fix CSRF token issue on login

Browse Source
This commit is contained in:
kqjy
2025-11-22 15:13:33 +08:00
parent 36c08b0ac1
commit 9064f9d60e
2 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/__init__.py
View File

@@ -81,6 +81,11 @@ def create_app(
app.extensions["connections"] = connections app.extensions["connections"] = connections
app.extensions["replication"] = replication app.extensions["replication"] = replication
@app.after_request
def set_server_header(response):
response.headers["Server"] = "MyFSIO"
return response
@app.errorhandler(500) @app.errorhandler(500)
def internal_error(error): def internal_error(error):
return render_template('500.html'), 500 return render_template('500.html'), 500

22
app/config.py
View File

@@ -78,11 +78,25 @@ class AppConfig:
multipart_min_part_size = int(_get("MULTIPART_MIN_PART_SIZE", 5 * 1024 * 1024)) multipart_min_part_size = int(_get("MULTIPART_MIN_PART_SIZE", 5 * 1024 * 1024))
default_secret = "dev-secret-key" default_secret = "dev-secret-key"
secret_key = str(_get("SECRET_KEY", default_secret)) secret_key = str(_get("SECRET_KEY", default_secret))
# If using default/missing secret, try to load/persist a generated one from disk
# This ensures consistency across Gunicorn workers
if not secret_key or secret_key == default_secret: if not secret_key or secret_key == default_secret:
generated = secrets.token_urlsafe(32) secret_file = storage_root / ".myfsio.sys" / "config" / ".secret"
if secret_key == default_secret: if secret_file.exists():
warnings.warn("Using insecure default SECRET_KEY. A random value has been generated; set SECRET_KEY for production", RuntimeWarning) secret_key = secret_file.read_text().strip()
secret_key = generated else:
generated = secrets.token_urlsafe(32)
if secret_key == default_secret:
warnings.warn("Using insecure default SECRET_KEY. A random value has been generated and persisted; set SECRET_KEY for production", RuntimeWarning)
try:
secret_file.parent.mkdir(parents=True, exist_ok=True)
secret_file.write_text(generated)
secret_key = generated
except OSError:
# Fallback if we can't write to disk (e.g. read-only fs)
secret_key = generated
iam_env_override = "IAM_CONFIG" in overrides or "IAM_CONFIG" in os.environ iam_env_override = "IAM_CONFIG" in overrides or "IAM_CONFIG" in os.environ
bucket_policy_override = "BUCKET_POLICY_PATH" in overrides or "BUCKET_POLICY_PATH" in os.environ bucket_policy_override = "BUCKET_POLICY_PATH" in overrides or "BUCKET_POLICY_PATH" in os.environ