From 5505ee136416a23b97185ef2b0068399b261ca20 Mon Sep 17 00:00:00 2001
From: stojanovskis1 <stojanovskis1@icloud.com>
Date: Wed, 18 Jan 2023 14:49:08 +0100
Subject: [PATCH] changed start-ckan.sh, setting secrets in ini file

---
 images/ckan/2.7/setup/app/start_ckan.sh | 8 ++++++++
 images/ckan/2.8/setup/app/start_ckan.sh | 8 ++++++++
 images/ckan/2.9/setup/app/start_ckan.sh | 8 ++++++++
 3 files changed, 24 insertions(+)

diff --git a/images/ckan/2.7/setup/app/start_ckan.sh b/images/ckan/2.7/setup/app/start_ckan.sh
index cf28249..d8dac90 100755
--- a/images/ckan/2.7/setup/app/start_ckan.sh
+++ b/images/ckan/2.7/setup/app/start_ckan.sh
@@ -12,6 +12,14 @@ then
     done
 fi
 
+if grep -E "beaker.session.secret ?= ?$" ckan.ini
+then
+    echo "Setting secrets in ini file"
+    ckan config-tool $CKAN_INI "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.encode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.decode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+fi
+
 # Set the common uwsgi options
 echo "Starting UWSGI with '${UWSGI_PROC_NO:-2}' workers"
 
diff --git a/images/ckan/2.8/setup/app/start_ckan.sh b/images/ckan/2.8/setup/app/start_ckan.sh
index cf28249..d8dac90 100755
--- a/images/ckan/2.8/setup/app/start_ckan.sh
+++ b/images/ckan/2.8/setup/app/start_ckan.sh
@@ -12,6 +12,14 @@ then
     done
 fi
 
+if grep -E "beaker.session.secret ?= ?$" ckan.ini
+then
+    echo "Setting secrets in ini file"
+    ckan config-tool $CKAN_INI "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.encode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.decode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+fi
+
 # Set the common uwsgi options
 echo "Starting UWSGI with '${UWSGI_PROC_NO:-2}' workers"
 
diff --git a/images/ckan/2.9/setup/app/start_ckan.sh b/images/ckan/2.9/setup/app/start_ckan.sh
index f1b509f..2210987 100755
--- a/images/ckan/2.9/setup/app/start_ckan.sh
+++ b/images/ckan/2.9/setup/app/start_ckan.sh
@@ -12,6 +12,14 @@ then
     done
 fi
 
+if grep -E "beaker.session.secret ?= ?$" ckan.ini
+then
+    echo "Setting secrets in ini file"
+    ckan config-tool $CKAN_INI "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.encode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+    ckan config-tool $CKAN_INI "api_token.jwt.decode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+fi
+
 echo "Starting UWSGI with '${UWSGI_PROC_NO:-2}' workers"
 UWSGI_OPTS="--socket /tmp/uwsgi.sock --uid ckan --gid ckan --http :5000 --master --enable-threads --wsgi-file /srv/app/wsgi.py --module wsgi:application --lazy-apps --gevent 2000 -p ${UWSGI_PROC_NO:-2} -L --gevent-early-monkey-patch --vacuum --harakiri 50 --callable application"