Load jwt_key from config
This commit is contained in:
parent
c3f0b5d4eb
commit
21c2af2b92
@ -120,6 +120,7 @@
|
|||||||
"enabled": false,
|
"enabled": false,
|
||||||
"listen_ip_address": "127.0.0.1",
|
"listen_ip_address": "127.0.0.1",
|
||||||
"listen_port": 8080,
|
"listen_port": 8080,
|
||||||
|
"jwt_secret_key": "somethingrandom",
|
||||||
"username": "freqtrader",
|
"username": "freqtrader",
|
||||||
"password": "SuperSecurePassword"
|
"password": "SuperSecurePassword"
|
||||||
},
|
},
|
||||||
|
@ -11,6 +11,7 @@ Sample configuration:
|
|||||||
"enabled": true,
|
"enabled": true,
|
||||||
"listen_ip_address": "127.0.0.1",
|
"listen_ip_address": "127.0.0.1",
|
||||||
"listen_port": 8080,
|
"listen_port": 8080,
|
||||||
|
"jwt_secret_key": "somethingrandom",
|
||||||
"username": "Freqtrader",
|
"username": "Freqtrader",
|
||||||
"password": "SuperSecret1!"
|
"password": "SuperSecret1!"
|
||||||
},
|
},
|
||||||
@ -29,7 +30,7 @@ This should return the response:
|
|||||||
{"status":"pong"}
|
{"status":"pong"}
|
||||||
```
|
```
|
||||||
|
|
||||||
All other endpoints return sensitive info and require authentication, so are not available through a web browser.
|
All other endpoints return sensitive info and require authentication and are therefore not available through a web browser.
|
||||||
|
|
||||||
To generate a secure password, either use a password manager, or use the below code snipped.
|
To generate a secure password, either use a password manager, or use the below code snipped.
|
||||||
|
|
||||||
@ -38,6 +39,9 @@ import secrets
|
|||||||
secrets.token_hex()
|
secrets.token_hex()
|
||||||
```
|
```
|
||||||
|
|
||||||
|
!!! Hint
|
||||||
|
Use the same method to also generate a JWT secret key (`jwt_secret_key`).
|
||||||
|
|
||||||
### Configuration with docker
|
### Configuration with docker
|
||||||
|
|
||||||
If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker.
|
If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker.
|
||||||
|
@ -91,7 +91,8 @@ class ApiServer(RPC):
|
|||||||
self.app = Flask(__name__)
|
self.app = Flask(__name__)
|
||||||
|
|
||||||
# Setup the Flask-JWT-Extended extension
|
# Setup the Flask-JWT-Extended extension
|
||||||
self.app.config['JWT_SECRET_KEY'] = 'super-secret' # Change this!
|
self.app.config['JWT_SECRET_KEY'] = self._config['api_server'].get(
|
||||||
|
'jwt_secret_key', 'super-secret')
|
||||||
|
|
||||||
self.jwt = JWTManager(self.app)
|
self.jwt = JWTManager(self.app)
|
||||||
self.app.json_encoder = ArrowJSONEncoder
|
self.app.json_encoder = ArrowJSONEncoder
|
||||||
|
Loading…
Reference in New Issue
Block a user