ai-cfia / membrane-backend

Membrane Backend: A centralized authentication service for Single Sign-On (SSO) enabling seamless token-based email verification across multiple client applications.
MIT License

Implement Environment Variables for JWT Token Expiry and Session Type & Generate UUID for Default Secret Key #9

Closed CFIALeronB closed 1 year ago

CFIALeronB commented 1 year ago

Enhance Configuration through Environment Variables

Background:

Our Flask application currently has certain configuration values hard-coded within the app.py file. This makes the application less flexible and more challenging to configure in various environments (development, staging, production). We need to migrate these configurations to be sourced from environment variables.

Tasks:

1. Implement Environment Variable for JWT_ACCESS_TOKEN_EXPIRES:

Currently, we have the expiration time for JWT access tokens set as:

app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(minutes=60)

This needs to be fetched from an environment variable, say JWT_EXPIRY_MINUTES, which will be set in the .env file in the root directory.

Acceptance Criteria:

  1. The application should fetch the value from JWT_EXPIRY_MINUTES environment variable.
  2. If the environment variable is not set, it should fall back to a default value (e.g., 60 minutes).
  3. The application should handle potential invalid values gracefully.

2. Implement Environment Variable for SESSION_TYPE:

Similarly, we have:

app.config['SESSION_TYPE'] = 'filesystem'

This session type configuration should be fetched from an environment variable, say FLASK_SESSION_TYPE.

Acceptance Criteria:

  1. The application should fetch the value from FLASK_SESSION_TYPE environment variable.
  2. If the environment variable is not set, it should fall back to a default value (e.g., 'filesystem').
  3. Ensure it supports valid Flask session types and handles invalid types gracefully.

3. Implement UUID as Default Secret Key:

For the secret key:

KEY_VALUE = os.getenv('SECRET_KEY', '')

If the SECRET_KEY environment variable is not provided in the .env file, the application should generate a UUID as a default secret key.

Acceptance Criteria:

  1. Generate a UUID as a default value if SECRET_KEY is missing.
  2. Ensure the application uses the generated UUID as its secret key in such cases.
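
One way to meet all three sets of acceptance criteria in a single loader, shown as an added example that is not part of the issue or the project's code. The helper names, the logger name and the allow-list of session types are assumptions; the environment variable names and defaults are the ones given in the issue.

```python
import logging
import os
import uuid
from datetime import timedelta

log = logging.getLogger("membrane.config")  # logger name is an assumption
DEFAULT_EXPIRY_MINUTES = 60
DEFAULT_SESSION_TYPE = "filesystem"
# Assumed allow-list; align it with the Flask-Session version in use.
ALLOWED_SESSION_TYPES = {"filesystem", "redis", "memcached", "mongodb", "sqlalchemy"}


def jwt_expiry(env):
    """Token lifetime from JWT_EXPIRY_MINUTES; the default on missing or bad input."""
    raw = env.get("JWT_EXPIRY_MINUTES", "").strip()
    try:
        minutes = int(raw) if raw else DEFAULT_EXPIRY_MINUTES
        if minutes <= 0:  # zero or negative would issue already-expired tokens
            raise ValueError("expiry must be positive")
    except ValueError:
        log.warning("Invalid JWT_EXPIRY_MINUTES %r, using %d", raw, DEFAULT_EXPIRY_MINUTES)
        minutes = DEFAULT_EXPIRY_MINUTES
    return timedelta(minutes=minutes)


def session_type(env):
    """Session backend from FLASK_SESSION_TYPE, restricted to the allow-list."""
    raw = env.get("FLASK_SESSION_TYPE", "").strip().lower()
    if raw in ALLOWED_SESSION_TYPES:
        return raw
    if raw:
        log.warning("Unsupported FLASK_SESSION_TYPE %r, using %r", raw, DEFAULT_SESSION_TYPE)
    return DEFAULT_SESSION_TYPE


def secret_key(env):
    """SECRET_KEY if provided, otherwise a random UUID generated for this process."""
    key = env.get("SECRET_KEY", "")
    if not key:
        log.warning("SECRET_KEY not set; using a generated per-process key")
        key = str(uuid.uuid4())  # the value itself is never logged
    return key


def load_config(env=os.environ):
    """Return the three settings, ready for app.config.update(...)."""
    return {
        "JWT_ACCESS_TOKEN_EXPIRES": jwt_expiry(env),
        "SESSION_TYPE": session_type(env),
        "SECRET_KEY": secret_key(env),
    }
```

A key generated this way differs in every process and after every restart, so tokens signed by one worker will not verify in another. Set SECRET_KEY explicitly wherever more than one process, or a restart, must honour tokens that were already issued.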