From 70b753cd31fd2a00b7e22b1de4eb70416d018cd8 Mon Sep 17 00:00:00 2001
From: Xiretza <xiretza@xiretza.xyz>
Date: Mon, 9 May 2022 16:17:56 +0200
Subject: [PATCH] fix: don't create secrets file as world-readable (#136)

---
 etebase_server/utils.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etebase_server/utils.py b/etebase_server/utils.py
index 64ed657..9f56457 100644
--- a/etebase_server/utils.py
+++ b/etebase_server/utils.py
@@ -13,6 +13,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 from django.core.management import utils
+import os
+import stat
 
 
 def get_secret_from_file(path):
@@ -21,6 +23,7 @@ def get_secret_from_file(path):
             return f.read().strip()
     except EnvironmentError:
         with open(path, "w") as f:
+            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
             secret_key = utils.get_random_secret_key()
             f.write(secret_key)
             return secret_key