mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-25 10:54:18 +00:00
Add security enhancements. See: https://blog.miguelgrinberg.com/post/cookie-security-for-flask-applications
This commit is contained in:
parent
9f62e782f0
commit
4ac4fcb4ff
@ -2,6 +2,7 @@ from config import config
|
||||
from flask import Flask
|
||||
from flask_login import LoginManager
|
||||
from flask_mail import Mail
|
||||
from flask_paranoid import Paranoid
|
||||
from flask_socketio import SocketIO
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
import logging
|
||||
@ -12,6 +13,8 @@ logger = logging.getLogger(__name__)
|
||||
login_manager = LoginManager()
|
||||
login_manager.login_view = 'auth.login'
|
||||
mail = Mail()
|
||||
paranoid = Paranoid()
|
||||
paranoid.redirect_view = '/'
|
||||
socketio = SocketIO()
|
||||
|
||||
|
||||
@ -23,6 +26,7 @@ def create_app(config_name):
|
||||
db.init_app(app)
|
||||
login_manager.init_app(app)
|
||||
mail.init_app(app)
|
||||
paranoid.init_app(app)
|
||||
socketio.init_app(app, message_queue='redis://redis:6379/')
|
||||
|
||||
from . import events
|
||||
|
@ -6,6 +6,11 @@ import logging
|
||||
class Config:
|
||||
''' ### Flask ### '''
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
|
||||
SESSION_COOKIE_SECURE = True
|
||||
|
||||
''' ### Flask-Login ### '''
|
||||
REMEMBER_COOKIE_HTTPONLY = True
|
||||
REMEMBER_COOKIE_SECURE = True
|
||||
|
||||
''' ### Flask-Mail ### '''
|
||||
MAIL_SERVER = os.environ.get('MAIL_SERVER')
|
||||
|
@ -27,17 +27,16 @@ services:
|
||||
- "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
||||
### </http> ###
|
||||
### <https> ###
|
||||
- "traefik.http.middlewares.nopaquesecure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.routers.nopaquesecure.entrypoints=websecure"
|
||||
- "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-headers"
|
||||
- "traefik.http.routers.nopaquesecure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
||||
- "traefik.http.routers.nopaquesecure.tls=true"
|
||||
- "traefik.http.middlewares.nopaque-secure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.routers.nopaque-secure.entrypoints=web-secure"
|
||||
- "traefik.http.routers.nopaque-secure.middlewares=nopaque-secure-headers"
|
||||
- "traefik.http.routers.nopaque-secure.rule=Host(`nopaque.localhost`)" # Change this to match your nopaque domain
|
||||
- "traefik.http.routers.nopaque-secure.tls=true"
|
||||
### </https> ###
|
||||
### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
|
||||
# - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
|
||||
# - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
|
||||
# - "traefik.http.middlewares.nopaquesecure-basicauth.basicauth.users=name:hashed-password"
|
||||
# - "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-basicauth, nopaquesecure-headers"
|
||||
# - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, nopaquesecure-headers"
|
||||
### </basicauth> ###
|
||||
networks:
|
||||
- default
|
||||
|
@ -5,6 +5,7 @@ Flask
|
||||
Flask-Login
|
||||
Flask-Mail
|
||||
Flask-Migrate
|
||||
Flask-Paranoid
|
||||
Flask-SocketIO
|
||||
Flask-SQLAlchemy
|
||||
Flask-Table
|
||||
|
Loading…
Reference in New Issue
Block a user