diff --git a/app/__init__.py b/app/__init__.py
index 2d20ff9..4f19735 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -8,6 +8,10 @@ import time
 app = Flask(__name__)
 app.config.from_object(Config)
+# Check security of secret
+if Config.SECRET_KEY == "a-random-secret-key":
+ raise Exception("Please use a strong secret key!")
+
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
diff --git a/config.py b/config.py
index 1501d3b..892ccd5 100644
--- a/config.py
+++ b/config.py
@@ -1,14 +1,16 @@
 import os
 import datetime
-from local_config import DB_NAME
+from local_config import DB_NAME, SECRET_KEY
 class Config(object):
- SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
+ SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY
 SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' + DB_NAME
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 UPLOAD_FOLDER = './app/static/avatars'
+ SESSION_COOKIE_SECURE = True
+ REMEMBER_COOKIE_SECURE = True
 class V5Config(object):
@@ -27,3 +29,11 @@ class V5Config(object):
 THREAD_NAME_MAXLEN = 32
 # Remember-me cookie duration time
 REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
+ # XP points for content posting (and deletion)
+ XP_POINTS = {
+ 'topic': 2,
+ 'program': 5,
+ 'tutorial': 5,
+ 'comment': 1,
+ 'contest': 10,
+ }
diff --git a/local_config.py.default b/local_config.py.default
index b6dfff2..e21a830 100644
--- a/local_config.py.default
+++ b/local_config.py.default
@@ -2,3 +2,4 @@ DB_NAME = "pcv5"
 USE_LDAP = False
 LDAP_PASSWORD = "openldap"
 LDAP_ORGANIZATION = "o=planet-casio"
+SECRET_KEY = "a-random-secret-key" # CHANGE THIS VALUE *NOW*
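Review bot: The startup guard in `app/__init__.py` rejects only the exact placeholder string, so an empty value or a short, guessable key still passes `if Config.SECRET_KEY == "a-random-secret-key":`. Because Flask uses this key to sign the session cookie, the guard could also reject missing and short values, for example `if not Config.SECRET_KEY or len(Config.SECRET_KEY) < 32 or Config.SECRET_KEY == "a-random-secret-key":` (the 32-character floor is a suggested value, not one the project defines). The placeholder literal is repeated in `local_config.py.default`, so a shared constant would keep the check and the template from drifting apart. Raising `RuntimeError` with a message that names both the `SECRET_KEY` environment variable and `local_config.py` would tell the operator where to set the value.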
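Review bot: In the first `config.py` hunk, the two added flags restrict the cookies to HTTPS but leave the SameSite policy to each browser's default; consider adding `SESSION_COOKIE_SAMESITE = 'Lax'` next to them, and `REMEMBER_COOKIE_SAMESITE = 'Lax'` if the remember-me cookie comes from a Flask-Login version that supports it. With `SESSION_COOKIE_SECURE = True` hard-coded, an instance served over plain HTTP may not get its session cookie back, so a comment such as `# Requires HTTPS; override for local HTTP development` or an override read from `local_config` would help. Separately, `from local_config import DB_NAME, SECRET_KEY` raises ImportError on an existing `local_config.py` that predates this change, even when the key is supplied through the environment, which is worth a line in the upgrade notes.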