ilyass yani commited on
Commit ·
64ba296
1
Parent(s): be3fdd0
Securisation SECRET_KEY
Browse files- app/core/security.py +13 -1
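--- a/app/core/security.py
+++ b/app/core/security.py
@@ -11,7 +11,19 @@ from app.schemas.user import TokenData
 
 
 # Configuration
-SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production-to-something-very-secure-and-random")
+#SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production-to-something-very-secure-and-random")
+SECRET_KEY = os.getenv("SECRET_KEY")
+_INSECURE_DEFAULT = "your-secret-key-change-in-production-to-something-very-secure-and-random"
+if not SECRET_KEY or SECRET_KEY == _INSECURE_DEFAULT:
+# Autorise un fallback uniquement en dev local explicite
+if os.getenv("ALLOW_INSECURE_SECRET", "false").lower() == "true":
+SECRET_KEY = _INSECURE_DEFAULT
+else:
+raise RuntimeError(
+"SECRET_KEY manquante ou non securisee. "
+"Definis une vraie cle via la variable d'environnement SECRET_KEY "
+"(genere-la avec: python -c \"import secrets; print(secrets.token_hex(32))\")."
+)
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30 * 24 * 60 # 30 days in minutes
 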
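Review bot: The `ALLOW_INSECURE_SECRET` branch still assigns `_INSECURE_DEFAULT`, a string published in this repository, as the HS256 signing key, so any environment where that flag ends up set to `true` issues tokens that anyone who has read the source can forge. A per-process random key keeps the local-dev convenience without a known value: `SECRET_KEY = secrets.token_hex(32)` (the import block is outside the hunk, so `import secrets` may need adding), ideally with a logged warning that tokens will not survive a restart. The guard `if not SECRET_KEY or SECRET_KEY == _INSECURE_DEFAULT:` also accepts any other short or guessable value; since HS256 expects a key of at least 256 bits, consider rejecting keys below a minimum length as well, e.g. `or len(SECRET_KEY) < 32`. The commented-out `#SECRET_KEY = os.getenv(...)` line can be dropped, since version control already keeps the old default.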