Fix config path, env secrets, and align API calls

2026-01-22 07:56:27 +01:00
parent 73d487255a
commit c0aaa86546
7 changed files with 41 additions and 5 deletions
@@ -13,6 +13,10 @@ def login_route():
    username = data.get('username')
    password = data.get('password')

+    if not SECRET_KEY:
+        logger.error("Login blocked: SECRET_KEY is not configured.")
+        return jsonify({"message": "Server misconfigured"}), 500
+
    try:
        config = load_config()
        conn = connect(**config)
@@ -1,10 +1,18 @@
+import os
 from flask import request
 from jwt import decode, ExpiredSignatureError, InvalidTokenError
 from util.logger import logger

-SECRET_KEY = "bitte_hier_dein_geheimes_passwort_setzen"  # später .env verwenden
+# SECRET_KEY must be provided via environment for production safety
+SECRET_KEY = os.environ.get("SECRET_KEY")
+if not SECRET_KEY:
+    logger.error("SECRET_KEY environment variable is not set – authentication disabled until configured.")
+

 def verify_token():
+    if not SECRET_KEY:
+        return None
+
    auth_header = request.headers.get("Authorization", "")
    if not auth_header.startswith("Bearer "):
        logger.warning("🔐 Invalid Bearer header")