import os
import warnings
from pathlib import Path
from urllib.parse import quote

from dotenv import load_dotenv
# Load the .env file that sits next to this module before the Config class
# body below reads the environment. override=True gives values from the file
# precedence over variables already present in the process environment.
_ENV_FILE = Path(__file__).parent / '.env'
load_dotenv(dotenv_path=_ENV_FILE, override=True)
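# Accepted spellings (compared case-insensitively) for a "true" boolean flag.
_TRUTHY = frozenset({'1', 'true', 'yes', 'on'})

# Fallback SECRET_KEY for local development only: sessions signed with it can
# be forged by anyone who has read this file.
_DEV_SECRET_KEY = 'dev-secret-key'


def _env_bool(name: str, default: bool = False) -> bool:
    """Read a boolean flag from the environment.

    Args:
        name: Environment variable to read.
        default: Returned when the variable is unset.

    Returns:
        True when the (stripped, lower-cased) value is one of ``_TRUTHY``;
        False for any other set value, including the empty string.
    """
    raw = os.getenv(name)
    if raw is None:
        return default
    return raw.strip().lower() in _TRUTHY


def _env_int(name: str, default: int) -> int:
    """Read an integer from the environment, failing fast on a bad value.

    Args:
        name: Environment variable to read.
        default: Returned when the variable is unset.

    Raises:
        ValueError: naming the variable, when the value is set but not an int.
    """
    raw = os.getenv(name)
    if raw is None:
        return default
    try:
        return int(raw)
    except ValueError as err:
        raise ValueError(f"{name} must be an integer, got {raw!r}") from err


class Config:
    """Flask application settings, resolved from the environment at import.

    Every value is read once, when this class body executes, so the
    ``load_dotenv`` call in this module has to run before it.
    """

    # --- Flask session / cookie security ---------------------------------
    SECRET_KEY = os.getenv('SECRET_KEY', _DEV_SECRET_KEY)  # must be overridden in production
    if SECRET_KEY == _DEV_SECRET_KEY:
        # Make the insecure fallback visible instead of silent; the app still
        # starts, so local development is unaffected.
        warnings.warn(
            "SECRET_KEY is not set; using the built-in development key. "
            "Set SECRET_KEY in the environment before deploying.",
            RuntimeWarning,
            stacklevel=2,
        )
    SESSION_COOKIE_SECURE = True  # session cookie is only sent over HTTPS
    SESSION_COOKIE_HTTPONLY = True  # session cookie not readable from JavaScript
    PERMANENT_SESSION_LIFETIME = 3600  # seconds (1 hour)

    # --- Database (DB_* environment variables) ---------------------------
    DB_CONFIG = {
        'host': os.getenv('DB_HOST', 'localhost'),
        'database': os.getenv('DB_NAME', 'cert_manager'),
        'user': os.getenv('DB_USER', 'certmgr'),
        'password': os.getenv('DB_PASSWORD', ''),
        'port': _env_int('DB_PORT', 3306),
        'charset': 'utf8mb4',
        'collation': 'utf8mb4_general_ci',
        'autocommit': True,
    }

    # --- Certificate store -----------------------------------------------
    # Defaults to a ``cert_store`` directory next to this file.
    CERT_STORE = Path(os.getenv(
        'CERT_STORE',
        os.path.join(os.path.dirname(os.path.abspath(__file__)), 'cert_store'),
    ))
    # exist_ok=True removes the exists()/mkdir() race. The 0o700 mode applies
    # to the leaf directory only (parents are created with the umask default),
    # and a directory that already exists keeps whatever permissions it has.
    CERT_STORE.mkdir(mode=0o700, parents=True, exist_ok=True)

    # --- Bootstrap administrator -----------------------------------------
    ADMIN_USERNAME = os.getenv('ADMIN_USERNAME', 'admin')
    # Must be set in production. NOTE(review): confirm that the code seeding
    # the admin account refuses the empty default rather than storing it.
    ADMIN_PASSWORD = os.getenv('ADMIN_PASSWORD', '')
    ADMIN_EMAIL = os.getenv('ADMIN_EMAIL', 'admin@example.com')

    # --- Runtime -----------------------------------------------------------
    APP_HOST = os.getenv('APP_HOST', '0.0.0.0')  # default binds every interface
    APP_PORT = _env_int('APP_PORT', 9875)
    DEBUG = _env_bool('DEBUG', False)  # must be False in production

    # --- Registration ------------------------------------------------------
    REGISTRATION_OPEN = _env_bool('REGISTRATION_OPEN', False)
    EMAIL_VERIFICATION_REQUIRED = _env_bool('EMAIL_VERIFICATION_REQUIRED', True)

    # --- Password policy ---------------------------------------------------
    PASSWORD_POLICY = {
        'min_length': _env_int('PASSWORD_MIN_LENGTH', 8),
        'require_uppercase': _env_bool('PASSWORD_REQUIRE_UPPERCASE', True),
        'require_lowercase': _env_bool('PASSWORD_REQUIRE_LOWERCASE', True),
        'require_digits': _env_bool('PASSWORD_REQUIRE_DIGITS', True),
        'require_special_chars': _env_bool('PASSWORD_REQUIRE_SPECIAL', True),
    }

    # --- Mail server -------------------------------------------------------
    MAIL_SERVER = os.getenv('MAIL_SERVER', 'smtp.qq.com')
    MAIL_PORT = _env_int('MAIL_PORT', 465)
    MAIL_USE_SSL = _env_bool('MAIL_USE_SSL', True)
    MAIL_USE_TLS = _env_bool('MAIL_USE_TLS', False)
    MAIL_USERNAME = os.getenv('MAIL_USERNAME')  # None when unset
    MAIL_PASSWORD = os.getenv('MAIL_PASSWORD')  # None when unset
    # Tuple order here is (email, name). NOTE(review): Flask-Mail reads a
    # tuple sender as (name, address) — confirm which mailer consumes this.
    MAIL_DEFAULT_SENDER = (
        os.getenv('MAIL_DEFAULT_SENDER_EMAIL', 'noreply@example.com'),
        os.getenv('MAIL_DEFAULT_SENDER_NAME', 'Certificate Manager'),
    )

    # --- Public URL --------------------------------------------------------
    APP_DOMAIN = os.getenv('APP_DOMAIN', 'xunxian.liuyan.wang')
    APP_PROTOCOL = os.getenv('APP_PROTOCOL', 'https')
    SERVER_NAME = os.getenv('SERVER_NAME')  # used for URL generation

    # --- Logging -----------------------------------------------------------
    LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO')
    LOG_FILE = os.getenv('LOG_FILE', 'app.log')

    # NOTE(review): the two values below are properties, so they only yield a
    # string on an instance (``Config()``); loading the class itself via
    # ``app.config.from_object(Config)`` would store the property object.
    # Confirm how the application loads this class.
    @property
    def SQLALCHEMY_DATABASE_URI(self) -> str:
        """Build the SQLAlchemy URL from ``DB_CONFIG``.

        User and password are percent-encoded so that characters such as
        ``@``, ``:`` or ``/`` in a credential cannot break the URL apart.
        """
        db = self.DB_CONFIG
        user = quote(db['user'], safe='')
        password = quote(db['password'], safe='')
        return f"mysql+pymysql://{user}:{password}@{db['host']}:{db['port']}/{db['database']}"

    @property
    def BASE_URL(self) -> str:
        """Public origin of the site (``APP_PROTOCOL://APP_DOMAIN``), no trailing slash."""
        return f"{self.APP_PROTOCOL}://{self.APP_DOMAIN}"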