From dbcb11c6420e802baad61f2f95fb490e7f90340f Mon Sep 17 00:00:00 2001
From: nosklo <nosklo@gmail.com>
Date: Wed, 5 Jul 2023 16:33:54 -0300
Subject: [PATCH] =?UTF-8?q?Gera=20chave=20secreta=20caso=20n=C3=A3o=20exis?=
 =?UTF-8?q?ta?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 rifaserver/app.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/rifaserver/app.py b/rifaserver/app.py
index 8d43ed3..ccad86a 100644
--- a/rifaserver/app.py
+++ b/rifaserver/app.py
@@ -1,8 +1,10 @@
 import functools
 import itertools
+import json
 import operator
 import os
 import random
+import secrets
 
 from flask import Flask, render_template, request, url_for, redirect, flash, session, make_response
 from flask.cli import with_appcontext
@@ -53,7 +55,21 @@ def create_app():
     app = Flask(__name__)
     app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///raffle.db'
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False  # optional, but can improve performance
-    app.config['SECRET_KEY'] = 'idm&#@$8*RSXZpc6Wvb4'
+    app.config.from_prefixed_env()
+    config_filename = os.path.join(app.instance_path, "config.json")
+    if os.path.isfile(config_filename):
+        app.config.from_file(config_filename, load=json.load)
+        with open(config_filename, 'r') as f:
+            _config = json.load(f)
+    else:
+        print(f"{config_filename} not found")
+        _config = {}
+    if app.config['SECRET_KEY'] is None:
+        app.config['SECRET_KEY'] = secrets.token_hex()
+        print(f"Using generated key {app.config['SECRET_KEY']}")
+        _config['SECRET_KEY'] = app.config['SECRET_KEY']
+        with open(config_filename, 'w') as f:
+            json.dump(_config, f)
     db.init_app(app)
 
     login_manager = LoginManager()