b135f11557
Security (P0): - Remove committed session-secret default; auto-generate and persist a random secret to the config volume when SESSION_SECRET is unset (prevents forgeable session cookies / auth bypass). - Validate playlist names to a safe charset and render sldl configs via literal Python substitution instead of sed (closes a command-injection and path-traversal path through playlist names). - shlex-quote credential values written to shell-sourced env files, and strip newlines from values patched into .conf files. - Render playlist .conf files 0600; warn at startup if the master key is co-located with the config volume; document keeping it separate. Portability: - Configurable timezone via TZ (default UTC) instead of hardcoded Edmonton. - Remove personal defaults (navidrome user "andrew", ephemeral.club URLs). - Ship generic example seeds; move the cross-album dedup keep-list and the legacy playlist import to editable config files; drop the personal _upgrade.csv. - Generic VPN reference in docker-compose.snippet.yml. First-run experience: - Redirect to /setup instead of 500 when OIDC is unconfigured; surface a missing master key inline; entrypoint exits with an actionable message when the config folder is not writable. - Add unauthenticated /health (JSON) and /setup (checklist) diagnostics. Docs: - Write docs/ARCHITECTURE.md and docs/MIGRATION.md (previously referenced but missing); expand README with ownership, backups, advanced settings, and migration guidance. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
69 lines
2.7 KiB
Python
69 lines
2.7 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, Request
|
|
from fastapi.responses import RedirectResponse
|
|
from fastapi.templating import Jinja2Templates
|
|
|
|
from app.db import get_db
|
|
from app.security import crypto
|
|
from app.security.deps import require_auth
|
|
from app.services import credential_service
|
|
|
|
router = APIRouter(prefix="/settings/credentials", tags=["credentials"])
|
|
templates = Jinja2Templates(directory="app/templates")
|
|
|
|
|
|
@router.get("")
|
|
async def credentials_index(request: Request, user: dict = Depends(require_auth), db=Depends(get_db)):
|
|
# Write-only by design: never send a previously-saved secret value back
|
|
# to the browser. Each scope just reports which fields are already set.
|
|
configured = {
|
|
scope: set(credential_service.get_scope(db, scope).keys())
|
|
for scope in credential_service.SCOPE_FIELDS
|
|
}
|
|
enabled = {
|
|
scope: credential_service.is_scope_enabled(db, scope)
|
|
for scope in credential_service.SCOPE_FIELDS
|
|
}
|
|
return templates.TemplateResponse(
|
|
request,
|
|
"credentials/index.html",
|
|
{
|
|
"scope_fields": credential_service.SCOPE_FIELDS,
|
|
"scope_descriptions": credential_service.SCOPE_DESCRIPTIONS,
|
|
"core_scopes": credential_service.CORE_SCOPES,
|
|
"configured": configured,
|
|
"enabled": enabled,
|
|
"key_present": crypto.key_present(),
|
|
},
|
|
)
|
|
|
|
|
|
@router.post("/{scope}")
|
|
async def save_credentials(
|
|
scope: str, request: Request, user: dict = Depends(require_auth), db=Depends(get_db)
|
|
):
|
|
if scope not in credential_service.SCOPE_FIELDS:
|
|
raise HTTPException(404, "unknown credential scope")
|
|
form = await request.form()
|
|
values = {
|
|
field: value
|
|
for field, value in form.items()
|
|
if field in credential_service.SCOPE_FIELDS[scope] and value != ""
|
|
}
|
|
try:
|
|
credential_service.set_credentials(db, scope, values)
|
|
except RuntimeError:
|
|
# Almost always the encryption key is missing, so the value can't be
|
|
# encrypted. Redirect back; the page shows a key-missing banner with
|
|
# exactly what to do.
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|
|
|
|
|
|
@router.post("/{scope}/toggle")
|
|
async def toggle_scope(scope: str, user: dict = Depends(require_auth), db=Depends(get_db)):
|
|
if scope not in credential_service.OPTIONAL_SCOPES:
|
|
raise HTTPException(404, "unknown or non-toggleable credential scope")
|
|
currently_enabled = credential_service.is_scope_enabled(db, scope)
|
|
credential_service.set_scope_enabled(db, scope, not currently_enabled)
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|