From b38216a22334fa9866f4a3a705d9a94c14b24ff3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?=
 <40151420+ldericher@users.noreply.github.com>
Date: Sat, 19 Mar 2022 16:57:25 +0000
Subject: [PATCH] secret generation on startup

---
 api/kiwi_vpn_api/config.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/api/kiwi_vpn_api/config.py b/api/kiwi_vpn_api/config.py
index 017f2ed..3d48d76 100644
--- a/api/kiwi_vpn_api/config.py
+++ b/api/kiwi_vpn_api/config.py
@@ -4,11 +4,12 @@ import functools
 import json
 from datetime import datetime, timedelta
 from enum import Enum
+from secrets import token_hex
 
 from jose import JWTError, jwt
 from jose.constants import ALGORITHMS
 from passlib.context import CryptContext
-from pydantic import BaseModel, BaseSettings, Field
+from pydantic import BaseModel, BaseSettings, Field, validator
 from sqlalchemy import create_engine
 from sqlalchemy.engine import Engine
 
@@ -70,6 +71,14 @@ class JWTConfig(BaseModel):
     hash_algorithm: str = ALGORITHMS.HS256
     expiry_minutes: int = 30
 
+    @validator("secret")
+    @classmethod
+    def ensure_secret(cls, value: str | None) -> str:
+        if value is None:
+            return token_hex(32)
+
+        return value
+
     async def create_token(
         self,
         username: str,