github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Replace os.urandom(32).hex() with secrets.token_hex(32)

Browse source
This commit is contained in:
Simon Willison 2020-06-08 21:37:35 -07:00
commit 5a6a73e319
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
datasette/app.py
View file

@ -8,6 +8,7 @@ import itertools
import json import json
import os import os
import re import re
import secrets
import sys import sys
import threading import threading
import traceback import traceback
@ -186,7 +187,7 @@ class Datasette:
assert config_dir is None or isinstance( assert config_dir is None or isinstance(
config_dir, Path config_dir, Path
), "config_dir= should be a pathlib.Path" ), "config_dir= should be a pathlib.Path"
self._secret = secret or os.urandom(32).hex() self._secret = secret or secrets.token_hex(32)
self.files = tuple(files) + tuple(immutables or []) self.files = tuple(files) + tuple(immutables or [])
if config_dir: if config_dir:
self.files += tuple([str(p) for p in config_dir.glob("*.db")]) self.files += tuple([str(p) for p in config_dir.glob("*.db")])
@ -299,7 +300,7 @@ class Datasette:
self._register_renderers() self._register_renderers()
self._permission_checks = collections.deque(maxlen=200) self._permission_checks = collections.deque(maxlen=200)
self._root_token = os.urandom(32).hex() self._root_token = secrets.token_hex(32)
def sign(self, value, namespace="default"): def sign(self, value, namespace="default"):
return URLSafeSerializer(self._secret, namespace).dumps(value) return URLSafeSerializer(self._secret, namespace).dumps(value)

2
docs/config.rst
View file

@ -302,7 +302,7 @@ Or::
One way to generate a secure random secret is to use Python like this:: One way to generate a secure random secret is to use Python like this::
$ python3 -c 'import os; print(os.urandom(32).hex())' $ python3 -c 'import secrets; print(secrets.token_hex(32))'
cdb19e94283a20f9d42cca50c5a4871c0aa07392db308755d60a1a5b9bb0fa52 cdb19e94283a20f9d42cca50c5a4871c0aa07392db308755d60a1a5b9bb0fa52
Plugin authors make use of this signing mechanism in their plugins using :ref:`datasette_sign` and :ref:`datasette_unsign`. Plugin authors make use of this signing mechanism in their plugins using :ref:`datasette_sign` and :ref:`datasette_unsign`.