diff --git a/README.md b/README.md index fe773e7..f50abd4 100644 --- a/README.md +++ b/README.md @@ -26,12 +26,19 @@ sudo docker load -i py-push-server-amd-$PUSH_SERVER_VERSION.tar sudo docker run -d -p 8900:3000 -v ~/py-push-server-db:/app/instance/data --name py-push-server-$PUSH_SERVER_VERSION py-push-server:amd-$PUSH_SERVER_VERSION ``` +On a production server for security (eg /web-push/generate_vapid): set an environment variable `ADMIN_PASSWORD` for permissions; one way is to add this to the `docker run` command: `-e ADMIN_PASSWORD=` + Finally, generate a new VAPID by hitting the `regenerate_vapid` endpoint with a POST, eg. `curl -X POST localhost:8080/web-push/regenerate_vapid` ## Docker Compose & HAProxy Setup +On a production server for security (eg /web-push/generate_vapid): set an environment variable `ADMIN_PASSWORD` for permissions; one way is to create a .env file with the value inside before running `docker compose` commands: + +``` +ADMIN_PASSWORD= +``` On first run you need to: diff --git a/app.py b/app.py index 5359acf..593e8cb 100644 --- a/app.py +++ b/app.py @@ -1,7 +1,7 @@ """ Environment variables: - SQLALCHEMY_DATABASE_URI: path to sqlite file, starting with "sqlite:////" -- ADMIN_PASSWORD: password for admin user for sensitive endpoints +- ADMIN_PASSWORD: password for admin user for sensitive endpoints, defaults to 'admin' """ from typing import Dict, Tuple, Union, Optional @@ -225,7 +225,8 @@ class WebPushService(): - If there's an error during the operation, a JSON response with the error message is returned with a 500 status code. """ - envPassword = os.getenv('ADMIN_PASSWORD') + # This default can be invoked thus: curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" localhost:3000/web-push/regenerate_vapid + envPassword = os.getenv('ADMIN_PASSWORD', 'admin') auth = request.authorization if (auth is None or auth.username is None