fix silly host_clean and direct access TA_PASSWORD

2023-04-09 13:35:13 +07:00 · 2023-04-09 13:35:13 +07:00 · 06c7968070
parent a98a30cc85
commit 06c7968070
2 changed files with 2 additions and 2 deletions
--- a/tubearchivist/config/settings.py
+++ b/tubearchivist/config/settings.py
@ -27,7 +27,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/

-PW_HASH = hashlib.sha256(environ.get("TA_PASSWORD").encode())
+PW_HASH = hashlib.sha256(environ["TA_PASSWORD"].encode())
 SECRET_KEY = PW_HASH.hexdigest()

 # SECURITY WARNING: don't run with debug turned on in production!
--- a/tubearchivist/home/src/ta/helper.py
+++ b/tubearchivist/home/src/ta/helper.py
@ -156,7 +156,7 @@ def ta_host_parser(ta_host):
    for host in ta_host.split():
        host_clean = host.strip()
        if not host_clean.startswith("http"):
-            host_clean = f"http://{host}"
+            host_clean = f"http://{host_clean}"

        parsed = urlparse(host_clean)
        allowed_hosts.append(f"{parsed.hostname}")