Merge pull request #58 from Fntoomen/devel

Use encrypted cookie storage
mikolajlubiak · Aug 12, 2023 · a2d45cc · a2d45cc
2 parents 0acffed + e0f63dd
commit a2d45cc
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/motey/infrastructure/config.py b/motey/infrastructure/config.py
@@ -1,7 +1,9 @@
 import os
 import pathlib
+import base64
 
 from dataclasses import dataclass
+from cryptography.fernet import Fernet
 
 
 @dataclass(frozen=True)
@@ -16,6 +18,7 @@ class Config:
     # HTTP
     http_host = os.getenv('HTTP_HOST')
     http_port = int(os.getenv('HTTP_PORT'))
+    cookie_encryption_key = base64.urlsafe_b64decode(Fernet.generate_key())
 
     # Filesystem
     base_dir = pathlib.Path(__file__).parent.parent
@@ -31,4 +34,4 @@ class Config:
     auth_start_url = os.getenv('AUTH_START_URL')
 
     #BOT
-    token = os.getenv('BOT_TOKEN')
+    token = os.getenv('BOT_TOKEN')
diff --git a/motey/infrastructure/http/server.py b/motey/infrastructure/http/server.py
@@ -2,6 +2,7 @@
 import aiohttp_jinja2
 import jinja2
 import aiohttp_session
+import aiohttp_session.cookie_storage
 import logging
 
 
@@ -25,7 +26,7 @@ def run_app(config: Config = Config()) -> None:
     app = web.Application(client_max_size=16780000)
     aiohttp_jinja2.setup(app, loader=_build_jinja_loader())
     setup_routes(app)
-    aiohttp_session.setup(app, aiohttp_session.SimpleCookieStorage())
+    aiohttp_session.setup(app, aiohttp_session.cookie_storage.EncryptedCookieStorage(config.cookie_encryption_key))
     setup_middlewares(app)
     app.cleanup_ctx.append(_attach_database_context)
     logging.basicConfig(level=logging.DEBUG)

diff --git a/requirements.txt b/requirements.txt
@@ -19,3 +19,4 @@ PyMySQL==1.1.0
 SQLAlchemy==2.0.17
 typing_extensions==4.7.0
 yarl==1.9.2
+cryptography==41.0.3