Auto-generate SESSION_SECRET_KEY when not provided
If the env var is unset, a random key is generated at startup. This removes a manual setup step. The README and .env.example are updated to reflect that the variable is now optional (but recommended in production for session persistence across restarts). https://claude.ai/code/session_018iMt5qm4j9bk8wzytLC3E6
This commit is contained in:
@@ -25,5 +25,6 @@ LIDARR_QUALITY_PROFILE_ID=1
|
|||||||
LIDARR_ROOT_FOLDER=/music
|
LIDARR_ROOT_FOLDER=/music
|
||||||
|
|
||||||
# App
|
# App
|
||||||
SESSION_SECRET_KEY=change-me-to-a-random-secret
|
# SESSION_SECRET_KEY is auto-generated if omitted. Set it explicitly so sessions survive restarts.
|
||||||
|
# SESSION_SECRET_KEY=
|
||||||
DATABASE_PATH=bellhop.db
|
DATABASE_PATH=bellhop.db
|
||||||
|
|||||||
@@ -64,7 +64,6 @@ Create a `.env` file in the project root (or pass variables via Docker `--env-fi
|
|||||||
| Variable | Description |
|
| Variable | Description |
|
||||||
|---|---|
|
|---|---|
|
||||||
| `MATRIX_HOMESERVER_URL` | Base URL of your Matrix homeserver (e.g. `https://matrix.example.com`) |
|
| `MATRIX_HOMESERVER_URL` | Base URL of your Matrix homeserver (e.g. `https://matrix.example.com`) |
|
||||||
| `SESSION_SECRET_KEY` | Random secret used internally. Generate one with `python -c "import secrets; print(secrets.token_urlsafe(32))"` |
|
|
||||||
|
|
||||||
### *arr Services
|
### *arr Services
|
||||||
|
|
||||||
@@ -115,6 +114,7 @@ Copy the `access_token` from the response.
|
|||||||
|
|
||||||
| Variable | Default | Description |
|
| Variable | Default | Description |
|
||||||
|---|---|---|
|
|---|---|---|
|
||||||
|
| `SESSION_SECRET_KEY` | _(auto-generated)_ | Secret for signing session cookies. Auto-generated at startup if not set. Set this explicitly in production so sessions survive restarts. |
|
||||||
| `DATABASE_PATH` | `bellhop.db` | Path to the SQLite database file |
|
| `DATABASE_PATH` | `bellhop.db` | Path to the SQLite database file |
|
||||||
|
|
||||||
## API Reference
|
## API Reference
|
||||||
@@ -244,7 +244,7 @@ Bellhop/
|
|||||||
### Production Recommendations
|
### Production Recommendations
|
||||||
|
|
||||||
- Run behind a reverse proxy (nginx, Caddy, Traefik) with TLS termination so the `secure` cookie flag works.
|
- Run behind a reverse proxy (nginx, Caddy, Traefik) with TLS termination so the `secure` cookie flag works.
|
||||||
- Set `SESSION_SECRET_KEY` to a strong random value.
|
- Set `SESSION_SECRET_KEY` explicitly so sessions survive process restarts.
|
||||||
- Restrict network access to your *arr instances — only the Bellhop container needs to reach them.
|
- Restrict network access to your *arr instances — only the Bellhop container needs to reach them.
|
||||||
- Use a dedicated Matrix bot account for audit logging rather than a personal account.
|
- Use a dedicated Matrix bot account for audit logging rather than a personal account.
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
import os
|
import os
|
||||||
|
import secrets
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
from dotenv import load_dotenv
|
from dotenv import load_dotenv
|
||||||
@@ -38,5 +39,5 @@ LIDARR_QUALITY_PROFILE_ID: int = int(os.getenv("LIDARR_QUALITY_PROFILE_ID", "1")
|
|||||||
LIDARR_ROOT_FOLDER: str = os.getenv("LIDARR_ROOT_FOLDER", "/music")
|
LIDARR_ROOT_FOLDER: str = os.getenv("LIDARR_ROOT_FOLDER", "/music")
|
||||||
|
|
||||||
# App
|
# App
|
||||||
SESSION_SECRET_KEY: str = _require("SESSION_SECRET_KEY")
|
SESSION_SECRET_KEY: str = os.getenv("SESSION_SECRET_KEY") or secrets.token_urlsafe(32)
|
||||||
DATABASE_PATH: str = os.getenv("DATABASE_PATH", "bellhop.db")
|
DATABASE_PATH: str = os.getenv("DATABASE_PATH", "bellhop.db")
|
||||||
|
|||||||
Reference in New Issue
Block a user