refactored configuration system

debug.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
-source venv/bin/activate
-flask --app src/app --debug run
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+
+source venv/bin/activate
+CONFIG_PATH=$SCRIPT_DIR/debug_config.py flask --app src/app --debug run
 

debug_config.py

@@ -0,0 +1 @@
+ADMIN_PASSWORD = 'abcdefgh'

src/app.py

@@ -4,16 +4,21 @@ import string
 from flask import Flask
 
 import data.document
-import app_globals
 
 def create_app():
 	app = Flask(__name__)
 	
-	src_path = os.path.dirname(os.path.realpath(__file__))
-	data.document.set_document_root(os.path.realpath(src_path+'/../data/doc'))
-	app_globals.data_root_dir = os.path.realpath(src_path+'/../data')
+	app.config.from_object('app_config')
+	app.config.from_envvar('CONFIG_PATH')
 	
-	secret_key_path = app_globals.data_root_dir + '/flask-secret-key'
+	if len(app.config['ADMIN_PASSWORD']) < 8:
+		raise Exception("Missing or insecure admin password, please update your configuration file")
+		
+	if not app.config['DEBUG'] and app.config['ADMIN_PASSWORD'] == "abcdefgh":
+		raise Exception("Insecure admin password")
+	
+	# generate a new secret_key if needed, and store it in a file
+	secret_key_path = app.config['DATA_ROOT_DIR'] + '/flask-secret-key'
 	if not os.path.isfile(secret_key_path):
 		new_secret_key = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(20))
 		with open(secret_key_path, 'wb') as f:

src/app_config.py

@@ -0,0 +1,8 @@
+import os
+
+src_path = os.path.dirname(os.path.realpath(__file__))
+
+DATA_ROOT_DIR = os.path.realpath(src_path+'/../data')
+DOCUMENT_ROOT_DIR = os.path.realpath(DATA_ROOT_DIR+'/doc')
+
+ADMIN_PASSWORD = '' # You must override this in config.py or the application won't start

src/app_globals.py

@@ -1 +0,0 @@
-admin_password = None

src/data/document.py

@@ -1,13 +1,11 @@
 import os
 import uuid
-from types import SimpleNamespace
+from flask import current_app
 from web_utils.run import run
 import shutil
 from unicodedata import normalize
 import string
 
-document_root = None
-
 def os_path_separators():
 	seps = ['/','\\']
 	for sep in os.path.sep, os.path.altsep:
@@ -120,11 +118,6 @@ class Document:
 				result.append(doc)
 		return result
 
-def set_document_root(dir):
-	global document_root
-	document_root = dir
-	
 def get_document_root():
-	global document_root
-	return document_root
+	return current_app.config['DOCUMENT_ROOT_DIR']
 

src/web/admin/admin.py

@@ -1,25 +1,12 @@
 import os
 import random
 import string
-from flask import Blueprint, render_template, session, redirect, url_for, request
+from flask import current_app, Blueprint, render_template, session, redirect, url_for, request
 
 from data.document import Document
-import app_globals
 
 bp = Blueprint('admin', __name__, url_prefix='/admin')
 
-def get_admin_password():
-	password_path = app_globals.data_root_dir + '/admin-password'
-	if not os.path.isfile(password_path):
-		new_password = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(12))
-		with open(password_path, 'wb') as f:
-			f.write(new_password.encode())
-	with open(password_path, 'rb') as f:
-		result = f.read().decode().replace('\n', '').replace('\r', '')
-	if len(result) < 12:
-		raise Exception("Internal error: insecure password")
-	return result
-
 @bp.before_app_request
 def authenticate():
 	print(request.path)
@@ -36,7 +23,7 @@ def index():
 
 @bp.route('/login', methods=['GET', 'POST'])
 def login():
-	correct_password = get_admin_password()
+	correct_password = current_app.config['ADMIN_PASSWORD']
 	if request.method == 'POST':
 		password = request.form.get('password')
 		if password == correct_password: