updates

2025-11-21 15:15:48 +02:00
parent 9a6190e8ef
commit f469cf7806
13 changed files with 129 additions and 88 deletions
--- a/Backend/src/main.py
+++ b/Backend/src/main.py
@@ -11,6 +11,9 @@ from slowapi.errors import RateLimitExceeded
 from pathlib import Path
 from datetime import datetime
 import sys
+import secrets
+import os
+import re
 from .config.settings import settings
 from .config.logging_config import setup_logging, get_logger
 from .config.database import engine, Base, get_db
@@ -151,8 +154,50 @@ app.include_router(page_content_routes.router, prefix='/api')
 app.include_router(page_content_routes.router, prefix=settings.API_V1_PREFIX)
 logger.info('All routes registered successfully')

+def ensure_jwt_secret():
+    """Generate and save JWT secret if it's using the default value."""
+    default_secret = 'dev-secret-key-change-in-production-12345'
+    current_secret = settings.JWT_SECRET
+    
+    if not current_secret or current_secret == default_secret:
+        new_secret = secrets.token_urlsafe(64)
+        
+        os.environ['JWT_SECRET'] = new_secret
+        
+        env_file = Path(__file__).parent.parent / '.env'
+        if env_file.exists():
+            try:
+                env_content = env_file.read_text(encoding='utf-8')
+                
+                jwt_pattern = re.compile(r'^JWT_SECRET=.*$', re.MULTILINE)
+                
+                if jwt_pattern.search(env_content):
+                    env_content = jwt_pattern.sub(f'JWT_SECRET={new_secret}', env_content)
+                else:
+                    jwt_section_pattern = re.compile(r'(# =+.*JWT.*=+.*\n)', re.IGNORECASE | re.MULTILINE)
+                    match = jwt_section_pattern.search(env_content)
+                    if match:
+                        insert_pos = match.end()
+                        env_content = env_content[:insert_pos] + f'JWT_SECRET={new_secret}\n' + env_content[insert_pos:]
+                    else:
+                        env_content += f'\nJWT_SECRET={new_secret}\n'
+                
+                env_file.write_text(env_content, encoding='utf-8')
+                logger.info('✓ JWT secret generated and saved to .env file')
+            except Exception as e:
+                logger.warning(f'Could not update .env file: {e}')
+                logger.info(f'Generated JWT secret (add to .env manually): JWT_SECRET={new_secret}')
+        else:
+            logger.info(f'Generated JWT secret (add to .env file): JWT_SECRET={new_secret}')
+        
+        logger.info('✓ Secure JWT secret generated automatically')
+    else:
+        logger.info('✓ JWT secret is configured')
+
@app.on_event('startup')
 async def startup_event():
+    ensure_jwt_secret()
+    
    logger.info(f'{settings.APP_NAME} started successfully')
    logger.info(f'Environment: {settings.ENVIRONMENT}')
    logger.info(f'Debug mode: {settings.DEBUG}')