From e141bce817dc5c596fbd45c802a928a6df3f165e Mon Sep 17 00:00:00 2001
From: Giorgio Ravera <giorgio.ravera@gmail.com>
Date: Mon, 5 Jan 2026 19:22:08 +0100
Subject: [PATCH] minor change to SECRET_KEY

---
 backend/config.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/config.py b/backend/config.py
index d8c4f36..2f0fadf 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -15,14 +15,14 @@ DOMAIN = os.environ.get("DOMAIN", "example.com")
 PUBLIC_IP = os.environ.get("PUBLIC_IP", "127.0.0.1")
 
 # Web server related settings
-SECRET_KEY = os.getenv("SESSION_SECRET", secrets.token_urlsafe(64))
 HTTP_PORT = os.getenv("HTTP_PORT", "8000")
+SECRET_KEY = os.getenv("SESSION_SECRET")
+if not SECRET_KEY:
+    SECRET_KEY = load_hash("SECRET_KEY_FILE") or secrets.token_urlsafe(64)
 LOGIN_MAX_ATTEMPTS = int(os.getenv("LOGIN_MAX_ATTEMPTS", "5"))
 LOGIN_WINDOW_SECONDS = int(os.getenv("LOGIN_WINDOW_SECONDS", "600"))
 
 # User related settings
 ADMIN_USER = os.environ.get("ADMIN_USER", "admin")
 ADMIN_PASSWORD = os.environ.get("ADMIN_PASSWORD", "admin")
-ADMIN_HASH = os.environ.get("ADMIN_HASH", "")
-if not ADMIN_HASH:
-  ADMIN_HASH = load_hash("ADMIN_HASH_FILE")
+ADMIN_HASH = os.getenv("ADMIN_HASH") or load_hash("ADMIN_HASH_FILE")
-- 
2.47.3