0x5t4l1n/OpenLearnX
1
0
Fork 0
mirror of https://github.com/th30d4y/OpenLearnX.git synced 2026-05-26 11:25:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix security concerns - restrictive file permissions and remove secret logging

Browse Source 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-31 18:44:17 +00:00
parent a343b17ab3
commit a1f9cd4114
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/routes/auth.py
+3
View File
@@ -21,6 +21,7 @@ JWT_SECRET = os.getenv('JWT_SECRET')
if not JWT_SECRET:
import warnings
import tempfile
import stat
warnings.warn("JWT_SECRET environment variable not set. Using persistent dev secret.", UserWarning)
# Use persistent file-based secret for development to avoid invalidating tokens on restart
_secret_file = os.path.join(tempfile.gettempdir(), '.openlearnx_dev_jwt_secret_auth')
@@ -33,6 +34,8 @@ if not JWT_SECRET:
JWT_SECRET = _secrets.token_hex(32)
with open(_secret_file, 'w') as f:
f.write(JWT_SECRET)
# Set restrictive permissions (owner read/write only)
os.chmod(_secret_file, stat.S_IRUSR | stat.S_IWUSR)
except Exception:
import secrets as _secrets
JWT_SECRET = _secrets.token_hex(32)