jwt permissions

Josh Hawkins 2025-12-07 16:40:23 -06:00
parent 28b0ad782a
commit d3e038bfb3


@ -8,6 +8,7 @@ import logging
import os import os
import re import re
import secrets import secrets
import stat
import time import time
from datetime import datetime from datetime import datetime
from pathlib import Path from pathlib import Path
@ -311,7 +312,9 @@ def get_jwt_secret() -> str:
) )
jwt_secret = secrets.token_hex(64) jwt_secret = secrets.token_hex(64)
try: try:
with open(jwt_secret_file, "w") as f: # Use os.open to create file with restrictive permissions (0o600: read/write for owner only)
fd = os.open(jwt_secret_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
with os.fdopen(fd, "w") as f:
f.write(str(jwt_secret)) f.write(str(jwt_secret))
except Exception: except Exception:
logger.warning( logger.warning(
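Review bot: The `os.O_EXCL` flag in the new `os.open` call makes the write fail with `FileExistsError` whenever `jwt_secret_file` already exists, and the broad `except Exception:` that follows reduces that to a warning, so the freshly generated secret would not be persisted. If this branch can be reached with a file already present (unreadable or empty, for instance; the earlier part of get_jwt_secret lies outside the hunk), handle that case explicitly, e.g. an `except FileExistsError:` clause with its own log message. Separately, the 0o600 mode only applies to files created here, so a secret file written by an earlier version keeps its previous mode unless something like `os.chmod(jwt_secret_file, 0o600)` runs on the load path. `import stat` is added in the first hunk but is not used in the lines shown, so it may be intended for such a check elsewhere.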