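"""Application configuration read from the process environment.

A ``.env`` file next to this module is loaded first (``load_dotenv`` below),
then every ``Config`` attribute reads ``os.environ`` at import time. Comments
mark the settings whose defaults are only acceptable for development.
"""
import os
from pathlib import Path
from urllib.parse import quote

from dotenv import load_dotenv

# Load environment variables first — this must run before the Config class
# body, because the class attributes read os.environ while the class is built.
load_dotenv(Path(__file__).parent / '.env', override=True)

# Strings accepted (case-insensitively) as "true" by _env_bool.
_TRUE_VALUES = frozenset({'1', 'true', 'yes', 'on'})


def _env_bool(name, default=False):
    """Return the boolean value of environment variable *name*.

    ``1``/``true``/``yes``/``on`` (any case) are true; every other value,
    including an empty string, is false. The previous code compared against
    the literal ``'True'`` only, so ``DEBUG=true`` silently meant "off".

    Args:
        name: Environment variable to read.
        default: Value returned when the variable is unset.

    Returns:
        The parsed flag as a ``bool``.
    """
    raw = os.getenv(name)
    if raw is None:
        return default
    return raw.lower() in _TRUE_VALUES


class Config:
    """Flask configuration object populated from the environment.

    NOTE(review): ``SQLALCHEMY_DATABASE_URI`` and ``BASE_URL`` are properties,
    so they only evaluate on an *instance*; loading the bare class with
    ``app.config.from_object(Config)`` would store the property objects
    themselves — confirm how the caller loads this class (``Config()`` vs
    ``Config``).
    """

    # --- Flask security settings ---
    # Must be overridden in production: the fallback is a fixed, public string,
    # so anything signed with it (sessions, tokens) can be forged by whoever
    # reads this file.
    SECRET_KEY = os.getenv('SECRET_KEY', 'dev-secret-key')
    SESSION_COOKIE_SECURE = True       # session cookie is only sent over HTTPS
    SESSION_COOKIE_HTTPONLY = True     # HttpOnly flag on the session cookie
    PERMANENT_SESSION_LIFETIME = 3600  # session validity: one hour, in seconds

    # --- Database settings (read from the environment) ---
    DB_CONFIG = {
        'host': os.getenv('DB_HOST', 'localhost'),
        'database': os.getenv('DB_NAME', 'cert_manager'),
        'user': os.getenv('DB_USER', 'certmgr'),
        'password': os.getenv('DB_PASSWORD', ''),
        'port': int(os.getenv('DB_PORT', '3306')),
        'charset': 'utf8mb4',
        'collation': 'utf8mb4_general_ci',
        'autocommit': True,
    }

    # --- Certificate store ---
    # CERT_STORE overrides the location; the default is ./cert_store next to
    # this module. Kept as a Path so callers get safe path joining.
    CERT_STORE = Path(
        os.getenv(
            'CERT_STORE',
            os.path.join(os.path.dirname(os.path.abspath(__file__)), 'cert_store'),
        )
    )
    # Created at import time with owner-only permissions. exist_ok replaces the
    # exists()/mkdir() pair, which had a window where another process could
    # create the path in between. Two caveats: ``mode`` is masked by the process
    # umask, and a directory that already exists keeps whatever mode it has
    # (missing parents are created with default permissions, per pathlib docs).
    CERT_STORE.mkdir(mode=0o700, parents=True, exist_ok=True)

    # --- Administrator account ---
    ADMIN_USERNAME = os.getenv('ADMIN_USERNAME', 'admin')
    ADMIN_PASSWORD = os.getenv('ADMIN_PASSWORD', '')  # must be set in production
    ADMIN_EMAIL = os.getenv('ADMIN_EMAIL', 'admin@example.com')

    # --- Runtime settings ---
    APP_HOST = os.getenv('APP_HOST', '0.0.0.0')  # default listens on every interface
    APP_PORT = int(os.getenv('APP_PORT', '9875'))
    DEBUG = _env_bool('DEBUG', False)  # must remain False in production

    # --- Registration ---
    REGISTRATION_OPEN = _env_bool('REGISTRATION_OPEN', False)
    EMAIL_VERIFICATION_REQUIRED = _env_bool('EMAIL_VERIFICATION_REQUIRED', True)

    # --- Password policy ---
    PASSWORD_POLICY = {
        'min_length': int(os.getenv('PASSWORD_MIN_LENGTH', '8')),
        'require_uppercase': _env_bool('PASSWORD_REQUIRE_UPPERCASE', True),
        'require_lowercase': _env_bool('PASSWORD_REQUIRE_LOWERCASE', True),
        'require_digits': _env_bool('PASSWORD_REQUIRE_DIGITS', True),
        'require_special_chars': _env_bool('PASSWORD_REQUIRE_SPECIAL', True),
    }

    # --- Mail server ---
    MAIL_SERVER = os.getenv('MAIL_SERVER', 'smtp.qq.com')
    MAIL_PORT = int(os.getenv('MAIL_PORT', '465'))
    MAIL_USE_SSL = _env_bool('MAIL_USE_SSL', True)
    MAIL_USE_TLS = _env_bool('MAIL_USE_TLS', False)
    MAIL_USERNAME = os.getenv('MAIL_USERNAME')
    MAIL_PASSWORD = os.getenv('MAIL_PASSWORD')
    # NOTE(review): the tuple is (address, display name). Flask-Mail expects a
    # tuple sender as (name, address); if that extension consumes this value the
    # two elements are swapped — confirm against the mailer before changing.
    MAIL_DEFAULT_SENDER = (
        os.getenv('MAIL_DEFAULT_SENDER_EMAIL', 'noreply@example.com'),
        os.getenv('MAIL_DEFAULT_SENDER_NAME', 'Certificate Manager'),
    )

    # --- Application URL ---
    APP_DOMAIN = os.getenv('APP_DOMAIN', 'xunxian.liuyan.wang')
    APP_PROTOCOL = os.getenv('APP_PROTOCOL', 'https')
    SERVER_NAME = os.getenv('SERVER_NAME')  # used for URL generation

    # --- Logging ---
    LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO')
    LOG_FILE = os.getenv('LOG_FILE', 'app.log')

    @property
    def SQLALCHEMY_DATABASE_URI(self):
        """Return the SQLAlchemy URL assembled from ``DB_CONFIG``.

        User and password are percent-encoded (``safe=''``) so that characters
        such as ``@``, ``:`` or ``/`` in a credential cannot break the URL
        structure; the previous f-string interpolated them raw. Values without
        such characters produce exactly the same string as before.
        """
        db = self.DB_CONFIG
        user = quote(db['user'], safe='')
        password = quote(db['password'], safe='')
        return (
            f"mysql+pymysql://{user}:{password}@"
            f"{db['host']}:{db['port']}/{db['database']}"
        )

    @property
    def BASE_URL(self):
        """Return ``<APP_PROTOCOL>://<APP_DOMAIN>`` for building absolute links."""
        return f"{self.APP_PROTOCOL}://{self.APP_DOMAIN}"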