From 4ea565c9d01d79b2c065ec933d56e94cbcb5aa22 Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Fri, 11 Feb 2022 21:05:43 -0500
Subject: use app.config for salt
---
 README-bgstack15.md | 2 --
 config.cfg.tpl | 1 +
 pastebin.py | 4 ++--
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/README-bgstack15.md b/README-bgstack15.md
index 199b254..10815e2 100644
--- a/README-bgstack15.md
+++ b/README-bgstack15.md
@@ -11,9 +11,7 @@ Run server.
 # Improvements I still need to practice these:
-* Fix the private bins problem: they always return 403
 * Support deleting somehow: from an admin panel, or a link on the page?
-* use UUIDs for link instead of sequential integers?
 # Alternatives
diff --git a/config.cfg.tpl b/config.cfg.tpl
index d302210..50b4419 100644
--- a/config.cfg.tpl
+++ b/config.cfg.tpl
@@ -1,3 +1,4 @@
 DEBUG=False
 SQLALCHEMY_DATABASE_URI='sqlite:///pastebin.db'
 SECRET_KEY='development-key'
+SALT='jackson'
diff --git a/pastebin.py b/pastebin.py
index cd67265..37fda53 100644
--- a/pastebin.py
+++ b/pastebin.py
@@ -89,7 +89,7 @@ def new_paste():
 paste = Paste(g.user, request.form['code'], title, parent=parent, is_private=is_private)
 db.session.add(paste)
 db.session.commit()
- sign = Signer(app.secret_key, salt='jackson').sign(str(paste.id)) \
+ sign = Signer(app.secret_key, salt=app.config['SALT']).sign(str(paste.id)) \
 if is_private else None
 return redirect(url_for('show_paste', paste_id=paste.id, s=sign))
 return render_template('new_paste.html', parent=parent)
@@ -105,7 +105,7 @@ def show_paste(paste_id):
 try:
 sign = request.args.get('s', '')
 assert str(paste.id) == \
- Signer(app.secret_key, salt='jackson').unsign(sign).decode("utf-8")
+ Signer(app.secret_key, salt=app.config['SALT']).unsign(sign).decode("utf-8")
 except:
 abort(403)
 parent = None
-- cgit
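Review bot: The new `SALT='jackson'` line in config.cfg.tpl carries no comment, so someone filling in the template cannot tell that it is a namespace for the private-paste signatures rather than a secret. I would put `# SALT namespaces the private-paste signatures; it need not be secret, but changing it invalidates every private link already issued.` above it. The value the signatures actually depend on is the neighbouring `SECRET_KEY='development-key'`, which deserves its own comment, `# Replace SECRET_KEY with a long random value before deploying.`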
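Review bot: `app.config['SALT']` in the `new_paste` hunk raises KeyError when the running configuration has no `SALT` entry, which is presumably the case for any installation whose config file was copied from the template before this commit. The lookup runs after `db.session.commit()`, so a private paste would be stored while its author never receives the signed link. The same lookup in the `show_paste` hunk sits inside the bare `except:`, where the KeyError turns into a 403 for every private paste. Reading the value as `app.config.get('SALT', 'jackson')` keeps already-issued links valid; the alternative is one check at startup that fails with a clear message. The body of new_paste starts outside the hunk.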
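Review bot: The signature check in the `show_paste` hunk is an `assert`, and Python drops assert statements when run with `-O` or `PYTHONOPTIMIZE`, which here removes the `unsign()` call together with the comparison, so the 403 path is never reached. The bare `except:` also hides unrelated errors, such as a missing `SALT` key, behind the same 403. I would call `unsign()` as an ordinary statement, catch `BadSignature` from itsdangerous, and compare the ids with an explicit `if`. The imports and the start of show_paste are outside the hunk, so whether `BadSignature` is already imported cannot be seen from here.

```python
    try:
        sign = request.args.get('s', '')
        signed_id = Signer(app.secret_key, salt=app.config['SALT']).unsign(sign).decode("utf-8")
    except BadSignature:
        # Only a failed signature maps to 403; other errors surface normally.
        abort(403)
    if signed_id != str(paste.id):
        abort(403)
    # … unchanged: parent = None and the rest of show_paste …
```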