Fix SECRET_KEY autogeneration in Debian package

Also fixes that "SECRET_KEY" was wrongly named "SECRET" in the default config.

Fix SECRET_KEY autogeneration in Debian package
6412780d · Julian · 65014469 · 6412780d · 6412780d
Commit 6412780d authored Mar 23, 2022 by Julian
--- a/debian/contrib/uffd-nginxauth.cfg
+++ b/debian/contrib/uffd-nginxauth.cfg
 FLASK_ENV="production"
-#SECRET=autogenerated by postinst script
+#SECRET_KEY=autogenerated by postinst script
 # URLs of the OAuth2-based identity provider (must be set!)
 #OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'

--- a/debian/postinst
+++ b/debian/postinst
@@ -13,6 +13,18 @@ case "$1" in
 		chown root:uffd-nginxauth /etc/uffd-nginxauth/uffd-nginxauth.cfg
 		chmod 0640 /etc/uffd-nginxauth/uffd-nginxauth.cfg
+		python3 <<EOF
+import secrets
+cfg = open('/etc/uffd-nginxauth/uffd-nginxauth.cfg', 'r').read()
+cfg = cfg.replace('\n#SECRET_KEY=autogenerated by postinst script\n',
+                  '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
+# Prior to v0.2.1 the default config used a wrong name for SECRET_KEY
+if '\nSECRET_KEY=' not in cfg:
+	cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n',
+	                  '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
+open('/etc/uffd-nginxauth/uffd-nginxauth.cfg', 'w').write(cfg)
+EOF
 		invoke-rc.d uwsgi restart uffd-nginxauth
 	;;