From 03a7e35967dde9f75f2cc3e752ecb74c887feae5 Mon Sep 17 00:00:00 2001
From: Tim Farrell
Date: Thu, 1 Feb 2024 13:43:54 -0600
Subject: [PATCH] Default docker installations should generate a random key instead of using a static secret that everyone can see.
---
 Dockerfile | 3 +++
 backend/start.sh | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index d292716b8..39933fd40 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,4 +53,7 @@ COPY --from=build /app/build /app/build
 # copy backend files
 COPY ./backend .
+# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
+RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key
+
 CMD [ "bash", "start.sh"]
\ No newline at end of file
diff --git a/backend/start.sh b/backend/start.sh
index 09a791fca..515e6c939 100755
--- a/backend/start.sh
+++ b/backend/start.sh
@@ -4,4 +4,9 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd "$SCRIPT_DIR" || exit
 PORT="${PORT:-8080}"
-exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'
+if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then
+ echo Using generated DOCKER_SECRET_KEY
+ WEBUI_SECRET_KEY=`cat docker_secret_key`
+fi
+
+WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'
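Review bot: The added `RUN` line creates `docker_secret_key` while the image is being built, so the value is stored in an image layer and is identical for every container started from that image. For an image pushed to a registry, anyone who can pull it can read the key, which is the situation the commit message sets out to remove. A per-installation secret has to be created when the container first starts, so I would drop this `RUN` and create the file in `backend/start.sh` when it is missing (the read in the start.sh hunk depends on this line). If the build-time step is kept for locally built images, write the file directly from the non-blocking device with more bytes, `RUN head -c 32 /dev/urandom | base64 > docker_secret_key`, since the `echo $(...)` wrapper adds nothing.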
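Review bot: The new `if` block only reads a key file that must already exist and accepts whatever `cat` returns, so an empty or unreadable `docker_secret_key` leaves `WEBUI_SECRET_KEY` empty and the fallback silently does nothing. Creating the file here on first start, under `umask 077`, gives each container its own key and keeps the file from being readable by other users in the container. Placing it on a persistent volume (no such path is visible in this hunk) would presumably keep anything signed with the key valid when the container is re-created. `$(...)` with a quoted path is also preferable to the backticks. The first lines of start.sh are outside the hunk.

```shell
PORT="${PORT:-8080}"
KEY_FILE="docker_secret_key"
if [ -z "${WEBUI_SECRET_KEY:-}" ]; then
  if [ ! -s "$KEY_FILE" ]; then
    # First start of this container: create the key now rather than at image build time.
    (umask 077 && head -c 32 /dev/urandom | base64 > "$KEY_FILE") || exit 1
  fi
  echo "Using generated secret key from $KEY_FILE"
  WEBUI_SECRET_KEY=$(cat "$KEY_FILE")
fi
# … unchanged: WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn … line …
```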