[sso-admin] Improve data and custom dir handling

While there also improve the default permissions for the secrets
directory.

dd-sso/admin/src/admin/flaskapp.py

@@ -68,7 +68,8 @@ class AdminFlaskApp(Flask):
     """
 
     admin: "Admin"
-    secrets_dir: str
+    data_dir: str
+    custom_dir: str
     ready: bool = False
 
     def __init__(self, *args: Any, **kwargs: Any):
@@ -91,7 +92,11 @@ class AdminFlaskApp(Flask):
 
     @property
     def avatars_path(self) -> str:
-        return os.path.join(self.root_path, "../custom/avatars/")
+        return os.path.join(self.custom_dir, "avatars/")
+
+    @property
+    def secrets_dir(self) -> str:
+        return os.path.join(self.data_dir, "secrets")
 
     def setup(self) -> None:
         """
@@ -123,11 +128,12 @@ class AdminFlaskApp(Flask):
 
     def _load_config(self) -> None:
         try:
+            self.data_dir = os.environ.get("DATA_FOLDER", ".")
+            self.custom_dir = os.environ.get("CUSTOM_FOLDER", ".")
             # Handle secrets like Flask's session key
-            self.secrets_dir = os.environ.get("SECRETS", "secret")
             secret_key_file = os.path.join(self.secrets_dir, "secret_key")
             if not os.path.exists(self.secrets_dir):
-                os.mkdir(self.secrets_dir)
+                os.mkdir(self.secrets_dir, mode=0o700)
             if not os.path.exists(secret_key_file):
                 # Generate as needed
                 # https://flask.palletsprojects.com/en/2.1.x/config/#SECRET_KEY
@@ -196,7 +202,7 @@ class AdminFlaskApp(Flask):
 
         @self.route("/custom/<path:path>")
         def send_custom(path: str) -> Response:
-            return send_from_directory(os.path.join(self.root_path, "../custom"), path)
+            return send_from_directory(self.custom_dir, path)
 
         # @self.errorhandler(404)
         # def not_found_error(error):

dd-sso/admin/src/admin/lib/dashboard.py

@@ -43,7 +43,10 @@ class Dashboard:
         app : "AdminFlaskApp",
     ) -> None:
         self.app = app
-        self.custom_menu = os.path.join(app.root_path, "../custom/menu/custom.yaml")
+
+    @property
+    def custom_menu(self) -> str:
+        return os.path.join(self.app.custom_dir, "menu/custom.yaml")
 
     def _update_custom_menu(self, custom_menu_part : Dict[str, Any]) -> bool:
         with open(self.custom_menu) as yml:
@@ -82,12 +85,12 @@ class Dashboard:
 
     def update_logo(self, logo : FileStorage) -> bool:
         img = Image.open(logo.stream)
-        img.save(os.path.join(self.app.root_path, "../custom/img/logo.png"))
+        img.save(os.path.join(self.app.custom_dir, "img/logo.png"))
         return self.apply_updates()
 
     def update_background(self, background : FileStorage) -> bool:
         img = Image.open(background.stream)
-        img.save(os.path.join(self.app.root_path, "../custom/img/background.png"))
+        img.save(os.path.join(self.app.custom_dir, "img/background.png"))
         return self.apply_updates()
 
     def apply_updates(self) -> bool:

dd-sso/docker-compose-parts/admin.yml

@@ -50,4 +50,5 @@ services:
       - VERIFY="false"  # In development do not verify certificates
       - DOMAIN=${DOMAIN}
       - MANAGED_EMAIL_DOMAIN=${MANAGED_EMAIL_DOMAIN}
-      - SECRETS=/data/secret
+      - DATA_FOLDER=/data
+      - CUSTOM_FOLDER=/admin/custom