mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-25 10:54:18 +00:00
Add security enhancements. See: https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
This commit is contained in:
parent
9f62e782f0
commit
4ac4fcb4ff
@ -2,6 +2,7 @@ from config import config
|
|||||||
from flask import Flask
|
from flask import Flask
|
||||||
from flask_login import LoginManager
|
from flask_login import LoginManager
|
||||||
from flask_mail import Mail
|
from flask_mail import Mail
|
||||||
|
from flask_paranoid import Paranoid
|
||||||
from flask_socketio import SocketIO
|
from flask_socketio import SocketIO
|
||||||
from flask_sqlalchemy import SQLAlchemy
|
from flask_sqlalchemy import SQLAlchemy
|
||||||
import logging
|
import logging
|
||||||
@ -12,6 +13,8 @@ logger = logging.getLogger(__name__)
|
|||||||
login_manager = LoginManager()
|
login_manager = LoginManager()
|
||||||
login_manager.login_view = 'auth.login'
|
login_manager.login_view = 'auth.login'
|
||||||
mail = Mail()
|
mail = Mail()
|
||||||
|
paranoid = Paranoid()
|
||||||
|
paranoid.redirect_view = '/'
|
||||||
socketio = SocketIO()
|
socketio = SocketIO()
|
||||||
|
|
||||||
|
|
||||||
@ -23,6 +26,7 @@ def create_app(config_name):
|
|||||||
db.init_app(app)
|
db.init_app(app)
|
||||||
login_manager.init_app(app)
|
login_manager.init_app(app)
|
||||||
mail.init_app(app)
|
mail.init_app(app)
|
||||||
|
paranoid.init_app(app)
|
||||||
socketio.init_app(app, message_queue='redis://redis:6379/')
|
socketio.init_app(app, message_queue='redis://redis:6379/')
|
||||||
|
|
||||||
from . import events
|
from . import events
|
||||||
|
@ -6,6 +6,11 @@ import logging
|
|||||||
class Config:
|
class Config:
|
||||||
''' ### Flask ### '''
|
''' ### Flask ### '''
|
||||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
|
SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
|
||||||
|
SESSION_COOKIE_SECURE = True
|
||||||
|
|
||||||
|
''' ### Flask-Login ### '''
|
||||||
|
REMEMBER_COOKIE_HTTPONLY = True
|
||||||
|
REMEMBER_COOKIE_SECURE = True
|
||||||
|
|
||||||
''' ### Flask-Mail ### '''
|
''' ### Flask-Mail ### '''
|
||||||
MAIL_SERVER = os.environ.get('MAIL_SERVER')
|
MAIL_SERVER = os.environ.get('MAIL_SERVER')
|
||||||
|
@ -27,17 +27,16 @@ services:
|
|||||||
- "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
- "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
||||||
### </http> ###
|
### </http> ###
|
||||||
### <https> ###
|
### <https> ###
|
||||||
- "traefik.http.middlewares.nopaquesecure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
- "traefik.http.middlewares.nopaque-secure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||||
- "traefik.http.routers.nopaquesecure.entrypoints=websecure"
|
- "traefik.http.routers.nopaque-secure.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-headers"
|
- "traefik.http.routers.nopaque-secure.middlewares=nopaque-secure-headers"
|
||||||
- "traefik.http.routers.nopaquesecure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
- "traefik.http.routers.nopaque-secure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
||||||
- "traefik.http.routers.nopaquesecure.tls=true"
|
- "traefik.http.routers.nopaque-secure.tls=true"
|
||||||
### </https> ###
|
### </https> ###
|
||||||
### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
|
### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
|
||||||
# - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
|
# - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
|
||||||
# - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
|
# - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
|
||||||
# - "traefik.http.middlewares.nopaquesecure-basicauth.basicauth.users=name:hashed-password"
|
# - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, nopaquesecure-headers"
|
||||||
# - "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-basicauth, nopaquesecure-headers"
|
|
||||||
### </basicauth> ###
|
### </basicauth> ###
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
@ -5,6 +5,7 @@ Flask
|
|||||||
Flask-Login
|
Flask-Login
|
||||||
Flask-Mail
|
Flask-Mail
|
||||||
Flask-Migrate
|
Flask-Migrate
|
||||||
|
Flask-Paranoid
|
||||||
Flask-SocketIO
|
Flask-SocketIO
|
||||||
Flask-SQLAlchemy
|
Flask-SQLAlchemy
|
||||||
Flask-Table
|
Flask-Table
|
||||||
|
Loading…
Reference in New Issue
Block a user