sporada/nopaque
1
0
Fork 0
mirror of https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git synced 2025-11-04 12:22:47 +00:00
Code Issues Projects Releases Wiki Activity

Add security enhancements. See: https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications

Browse Source
This commit is contained in:
Patrick Jentsch
2020-06-02 16:51:08 +02:00
parent 9f62e782f0
commit 4ac4fcb4ff
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/__init__.py
View File

@@ -2,6 +2,7 @@ from config import config
from flask import Flask from flask import Flask
from flask_login import LoginManager from flask_login import LoginManager
from flask_mail import Mail from flask_mail import Mail
from flask_paranoid import Paranoid
from flask_socketio import SocketIO from flask_socketio import SocketIO
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
import logging import logging
@@ -12,6 +13,8 @@ logger = logging.getLogger(__name__)
login_manager = LoginManager() login_manager = LoginManager()
login_manager.login_view = 'auth.login' login_manager.login_view = 'auth.login'
mail = Mail() mail = Mail()
paranoid = Paranoid()
paranoid.redirect_view = '/'
socketio = SocketIO() socketio = SocketIO()
@@ -23,6 +26,7 @@ def create_app(config_name):
db.init_app(app) db.init_app(app)
login_manager.init_app(app) login_manager.init_app(app)
mail.init_app(app) mail.init_app(app)
paranoid.init_app(app)
socketio.init_app(app, message_queue='redis://redis:6379/') socketio.init_app(app, message_queue='redis://redis:6379/')
from . import events from . import events

5
config.py
View File

@@ -6,6 +6,11 @@ import logging
class Config: class Config:
''' ### Flask ### ''' ''' ### Flask ### '''
SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string' SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
SESSION_COOKIE_SECURE = True
''' ### Flask-Login ### '''
REMEMBER_COOKIE_HTTPONLY = True
REMEMBER_COOKIE_SECURE = True
''' ### Flask-Mail ### ''' ''' ### Flask-Mail ### '''
MAIL_SERVER = os.environ.get('MAIL_SERVER') MAIL_SERVER = os.environ.get('MAIL_SERVER')

13
docker-compose.yml
View File

@@ -27,17 +27,16 @@ services:
- "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain - "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
### </http> ### ### </http> ###
### <https> ### ### <https> ###
- "traefik.http.middlewares.nopaquesecure-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.nopaque-secure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.nopaquesecure.entrypoints=websecure" - "traefik.http.routers.nopaque-secure.entrypoints=web-secure"
- "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-headers" - "traefik.http.routers.nopaque-secure.middlewares=nopaque-secure-headers"
- "traefik.http.routers.nopaquesecure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain - "traefik.http.routers.nopaque-secure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
- "traefik.http.routers.nopaquesecure.tls=true" - "traefik.http.routers.nopaque-secure.tls=true"
### </https> ### ### </https> ###
### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ### ### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
# - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password" # - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
# - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme" # - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
# - "traefik.http.middlewares.nopaquesecure-basicauth.basicauth.users=name:hashed-password" # - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, nopaquesecure-headers"
# - "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-basicauth, nopaquesecure-headers"
### </basicauth> ### ### </basicauth> ###
networks: networks:
- default - default

1
requirements.txt
View File

@@ -5,6 +5,7 @@ Flask
Flask-Login Flask-Login
Flask-Mail Flask-Mail
Flask-Migrate Flask-Migrate
Flask-Paranoid
Flask-SocketIO Flask-SocketIO
Flask-SQLAlchemy Flask-SQLAlchemy
Flask-Table Flask-Table