author | B. Stack <bgstack15@gmail.com> | 2022-02-11 21:05:43 -0500 |
---|---|---|
committer | B. Stack <bgstack15@gmail.com> | 2022-02-11 21:05:43 -0500 |
commit | 4ea565c9d01d79b2c065ec933d56e94cbcb5aa22 (patch) | |
tree | e3c5ce6215d1035779203f76cf1e603a6fb1a092 | |
parent | use UUID for paste id, and more js removal (diff) | |
download | stackbin-4ea565c9d01d79b2c065ec933d56e94cbcb5aa22.tar.gz stackbin-4ea565c9d01d79b2c065ec933d56e94cbcb5aa22.tar.bz2 stackbin-4ea565c9d01d79b2c065ec933d56e94cbcb5aa22.zip |
use app.config for salt
-rw-r--r-- | README-bgstack15.md | 2 | ||||
-rw-r--r-- | config.cfg.tpl | 1 | ||||
-rw-r--r-- | pastebin.py | 4 |
3 files changed, 3 insertions, 4 deletions
diff --git a/README-bgstack15.md b/README-bgstack15.md
index 199b254..10815e2 100644
--- a/README-bgstack15.md
+++ b/README-bgstack15.md
@@ -11,9 +11,7 @@ Run server. # Improvements I still need to practice these:
-* Fix the private bins problem: they always return 403
 * Support deleting somehow: from an admin panel, or a link on the page?
-* use UUIDs for link instead of sequential integers?
 # Alternatives
diff --git a/config.cfg.tpl b/config.cfg.tpl
index d302210..50b4419 100644
--- a/config.cfg.tpl
+++ b/config.cfg.tpl
@@ -1,3 +1,4 @@
 DEBUG=False
 SQLALCHEMY_DATABASE_URI='sqlite:///pastebin.db'
 SECRET_KEY='development-key'
+SALT='jackson'
diff --git a/pastebin.py b/pastebin.py
index cd67265..37fda53 100644
--- a/pastebin.py
+++ b/pastebin.py
@@ -89,7 +89,7 @@ def new_paste():
 paste = Paste(g.user, request.form['code'], title, parent=parent, is_private=is_private)
 db.session.add(paste)
 db.session.commit()
- sign = Signer(app.secret_key, salt='jackson').sign(str(paste.id)) \
+ sign = Signer(app.secret_key, salt=app.config['SALT']).sign(str(paste.id)) \
 if is_private else None
 return redirect(url_for('show_paste', paste_id=paste.id, s=sign))
 return render_template('new_paste.html', parent=parent)
@@ -105,7 +105,7 @@ def show_paste(paste_id):
 try:
 sign = request.args.get('s', '')
 assert str(paste.id) == \
- Signer(app.secret_key, salt='jackson').unsign(sign).decode("utf-8")
+ Signer(app.secret_key, salt=app.config['SALT']).unsign(sign).decode("utf-8")
 except:
 abort(403)
 parent = None |
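Review bot: The new `SALT='jackson'` line in config.cfg.tpl sits next to `SECRET_KEY='development-key'`, and neither line says the value has to be replaced per deployment. For the signer these settings feed (presumably itsdangerous), the salt only separates signing contexts and is not a secret. The unforgeability of private-paste links rests on SECRET_KEY, so a template copied unchanged produces signatures that are predictable from the public repository. I would add a comment above both lines, for example `# Replace before deploying: SECRET_KEY must be a long random value; SALT is a namespace, not a secret.`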
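Review bot: `app.config['SALT']` raises KeyError on any deployment whose existing config file predates this commit, because only config.cfg.tpl gains the key. In new_paste the lookup runs after `db.session.commit()`, so a private paste would be stored and the request would then fail before the signed link is returned. In the show_paste hunk the same KeyError is caught by the bare `except:` and becomes a 403 for every private paste, which hides the misconfiguration. Setting a default once after the config is loaded, `app.config.setdefault('SALT', 'jackson')`, keeps links signed before this change valid and covers both call sites. new_paste starts and continues outside this hunk.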
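Review bot: The signature check for private pastes in show_paste is an `assert` inside a bare `except:`, and the rewritten `Signer(...)` line keeps it that way. Python drops assert statements when run with -O, which would remove the unsign call and the id comparison together, so access control should not depend on it. The bare except also maps every unrelated error to 403. I would verify explicitly, catch only the signer's bad-signature exception (`BadSignature` if Signer is itsdangerous's, which the imports outside this hunk would confirm), and compare the id with an ordinary `if`. show_paste begins and continues outside the hunk.

```python
        sign = request.args.get('s', '')
        try:
            signed_id = Signer(app.secret_key, salt=app.config['SALT']).unsign(sign).decode("utf-8")
        except BadSignature:
            abort(403)
        if signed_id != str(paste.id):
            abort(403)
        # … unchanged: parent = None and the rest of show_paste …
```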