[sso-admin] Improve data and custom dir handling

While there also improve the default permissions for the secrets directory.
2022-07-30 09:38:14 +02:00 · 2022-07-30 09:38:14 +02:00 · 38cc2a0564
parent 4421c5a5df
commit 38cc2a0564
3 changed files with 19 additions and 9 deletions
--- a/dd-sso/admin/src/admin/flaskapp.py
+++ b/dd-sso/admin/src/admin/flaskapp.py
@ -68,7 +68,8 @@ class AdminFlaskApp(Flask):
    """

    admin: "Admin"
-    secrets_dir: str
+    data_dir: str
+    custom_dir: str
    ready: bool = False

    def __init__(self, *args: Any, **kwargs: Any):
@ -91,7 +92,11 @@ class AdminFlaskApp(Flask):

    @property
    def avatars_path(self) -> str:
-        return os.path.join(self.root_path, "../custom/avatars/")
+        return os.path.join(self.custom_dir, "avatars/")
+
+    @property
+    def secrets_dir(self) -> str:
+        return os.path.join(self.data_dir, "secrets")

    def setup(self) -> None:
        """
@ -123,11 +128,12 @@ class AdminFlaskApp(Flask):

    def _load_config(self) -> None:
        try:
+            self.data_dir = os.environ.get("DATA_FOLDER", ".")
+            self.custom_dir = os.environ.get("CUSTOM_FOLDER", ".")
            # Handle secrets like Flask's session key
-            self.secrets_dir = os.environ.get("SECRETS", "secret")
            secret_key_file = os.path.join(self.secrets_dir, "secret_key")
            if not os.path.exists(self.secrets_dir):
-                os.mkdir(self.secrets_dir)
+                os.mkdir(self.secrets_dir, mode=0o700)
            if not os.path.exists(secret_key_file):
                # Generate as needed
                # https://flask.palletsprojects.com/en/2.1.x/config/#SECRET_KEY
@ -196,7 +202,7 @@ class AdminFlaskApp(Flask):

        @self.route("/custom/<path:path>")
        def send_custom(path: str) -> Response:
-            return send_from_directory(os.path.join(self.root_path, "../custom"), path)
+            return send_from_directory(self.custom_dir, path)

        # @self.errorhandler(404)
        # def not_found_error(error):
--- a/dd-sso/admin/src/admin/lib/dashboard.py
+++ b/dd-sso/admin/src/admin/lib/dashboard.py
@ -43,7 +43,10 @@ class Dashboard:
        app : "AdminFlaskApp",
    ) -> None:
        self.app = app
-        self.custom_menu = os.path.join(app.root_path, "../custom/menu/custom.yaml")
+
+    @property
+    def custom_menu(self) -> str:
+        return os.path.join(self.app.custom_dir, "menu/custom.yaml")

    def _update_custom_menu(self, custom_menu_part : Dict[str, Any]) -> bool:
        with open(self.custom_menu) as yml:
@ -82,12 +85,12 @@ class Dashboard:

    def update_logo(self, logo : FileStorage) -> bool:
        img = Image.open(logo.stream)
-        img.save(os.path.join(self.app.root_path, "../custom/img/logo.png"))
+        img.save(os.path.join(self.app.custom_dir, "img/logo.png"))
        return self.apply_updates()

    def update_background(self, background : FileStorage) -> bool:
        img = Image.open(background.stream)
-        img.save(os.path.join(self.app.root_path, "../custom/img/background.png"))
+        img.save(os.path.join(self.app.custom_dir, "img/background.png"))
        return self.apply_updates()

    def apply_updates(self) -> bool:
--- a/dd-sso/docker-compose-parts/admin.yml
+++ b/dd-sso/docker-compose-parts/admin.yml
@ -50,4 +50,5 @@ services:
      - VERIFY="false"  # In development do not verify certificates
      - DOMAIN=${DOMAIN}
      - MANAGED_EMAIL_DOMAIN=${MANAGED_EMAIL_DOMAIN}
-      - SECRETS=/data/secret
+      - DATA_FOLDER=/data
+      - CUSTOM_FOLDER=/admin/custom