Merge pull request #2 from prosolis/claude/bellhop-matrix-portal-MkQle

Autogenerate session key when not provided
This commit is contained in:
prosolis
2026-02-27 14:19:08 -08:00
committed by GitHub
3 changed files with 6 additions and 4 deletions

View File

@@ -25,5 +25,6 @@ LIDARR_QUALITY_PROFILE_ID=1
LIDARR_ROOT_FOLDER=/music LIDARR_ROOT_FOLDER=/music
# App # App
SESSION_SECRET_KEY=change-me-to-a-random-secret # SESSION_SECRET_KEY is auto-generated if omitted. A new key on every restart invalidates all sessions.
# SESSION_SECRET_KEY=
DATABASE_PATH=bellhop.db DATABASE_PATH=bellhop.db

View File

@@ -64,7 +64,6 @@ Create a `.env` file in the project root (or pass variables via Docker `--env-fi
| Variable | Description | | Variable | Description |
|---|---| |---|---|
| `MATRIX_HOMESERVER_URL` | Base URL of your Matrix homeserver (e.g. `https://matrix.example.com`) | | `MATRIX_HOMESERVER_URL` | Base URL of your Matrix homeserver (e.g. `https://matrix.example.com`) |
| `SESSION_SECRET_KEY` | Random secret used internally. Generate one with `python -c "import secrets; print(secrets.token_urlsafe(32))"` |
### *arr Services ### *arr Services
@@ -115,6 +114,7 @@ Copy the `access_token` from the response.
| Variable | Default | Description | | Variable | Default | Description |
|---|---|---| |---|---|---|
| `SESSION_SECRET_KEY` | _(auto-generated)_ | Secret for signing session cookies. Auto-generated at startup if not set. A new key is generated on every restart, which invalidates all existing sessions. |
| `DATABASE_PATH` | `bellhop.db` | Path to the SQLite database file | | `DATABASE_PATH` | `bellhop.db` | Path to the SQLite database file |
## API Reference ## API Reference
@@ -244,7 +244,7 @@ Bellhop/
### Production Recommendations ### Production Recommendations
- Run behind a reverse proxy (nginx, Caddy, Traefik) with TLS termination so the `secure` cookie flag works. - Run behind a reverse proxy (nginx, Caddy, Traefik) with TLS termination so the `secure` cookie flag works.
- Set `SESSION_SECRET_KEY` to a strong random value. - If you want sessions to persist across restarts, set `SESSION_SECRET_KEY` explicitly. Otherwise, all users are logged out on restart.
- Restrict network access to your *arr instances — only the Bellhop container needs to reach them. - Restrict network access to your *arr instances — only the Bellhop container needs to reach them.
- Use a dedicated Matrix bot account for audit logging rather than a personal account. - Use a dedicated Matrix bot account for audit logging rather than a personal account.

View File

@@ -1,4 +1,5 @@
import os import os
import secrets
from pathlib import Path from pathlib import Path
from dotenv import load_dotenv from dotenv import load_dotenv
@@ -38,5 +39,5 @@ LIDARR_QUALITY_PROFILE_ID: int = int(os.getenv("LIDARR_QUALITY_PROFILE_ID", "1")
LIDARR_ROOT_FOLDER: str = os.getenv("LIDARR_ROOT_FOLDER", "/music") LIDARR_ROOT_FOLDER: str = os.getenv("LIDARR_ROOT_FOLDER", "/music")
# App # App
SESSION_SECRET_KEY: str = _require("SESSION_SECRET_KEY") SESSION_SECRET_KEY: str = os.getenv("SESSION_SECRET_KEY") or secrets.token_urlsafe(32)
DATABASE_PATH: str = os.getenv("DATABASE_PATH", "bellhop.db") DATABASE_PATH: str = os.getenv("DATABASE_PATH", "bellhop.db")