From 48ca13dc4d860e09f6f8791f9f55792380f011cd Mon Sep 17 00:00:00 2001
From: Soxoj <31013580+soxoj@users.noreply.github.com>
Date: Sun, 31 Aug 2025 16:14:42 +0200
Subject: [PATCH] Make web interface accessible for Docker deployment by
 default (#2189)

---
 Dockerfile         |  4 +++-
 maigret/maigret.py |  5 ++++-
 maigret/web/app.py | 11 +++++++++--
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 59545ce..7ef2ec0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10-slim
+FROM python:3.11-slim
 LABEL maintainer="Soxoj <soxoj@protonmail.com>"
 WORKDIR /app
 RUN pip install --no-cache-dir --upgrade pip
@@ -13,4 +13,6 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/* /tmp/*
 COPY . .
 RUN YARL_NO_EXTENSIONS=1 python3 -m pip install --no-cache-dir .
+# For production use, set FLASK_HOST to a specific IP address for security
+ENV FLASK_HOST=0.0.0.0
 ENTRYPOINT ["maigret"]
diff --git a/maigret/maigret.py b/maigret/maigret.py
index 665f36f..d561642 100755
--- a/maigret/maigret.py
+++ b/maigret/maigret.py
@@ -611,7 +611,10 @@ async def main():
         port = (
             args.web if args.web else 5000
         )  # args.web is either the specified port or 5000 by default
-        app.run(port=port)
+
+        # Host configuration: secure by default, but allow override via environment
+        host = os.getenv('FLASK_HOST', '127.0.0.1')
+        app.run(host=host, port=port)
         return
 
     if usernames == {}:
diff --git a/maigret/web/app.py b/maigret/web/app.py
index e7dda41..dedc31d 100644
--- a/maigret/web/app.py
+++ b/maigret/web/app.py
@@ -19,7 +19,8 @@ from maigret.sites import MaigretDatabase
 from maigret.report import generate_report_context
 
 app = Flask(__name__)
-app.secret_key = 'your-secret-key-here'
+# Use environment variable for secret key, generate random one if not set
+app.secret_key = os.getenv('FLASK_SECRET_KEY', os.urandom(24).hex())
 
 # add background job tracking
 background_jobs = {}
@@ -338,4 +339,10 @@ if __name__ == '__main__':
         format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
     )
     debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() in ['true', '1', 't']
-    app.run(debug=debug_mode)
+
+    # Host configuration: secure by default
+    # Use 127.0.0.1 for local development, 0.0.0.0 only if explicitly set
+    host = os.getenv('FLASK_HOST', '127.0.0.1')
+    port = int(os.getenv('FLASK_PORT', '5000'))
+
+    app.run(host=host, port=port, debug=debug_mode)