From a1519a4b05d44e2f12a91aeffd9f7f956043001b Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi
Date: Fri, 15 Aug 2025 12:46:46 -0400
Subject: [PATCH] Make default ROMM_AUTH_SECRET_KEY consistent between workers
---
 backend/config/__init__.py | 8 +++-----
 docker/init_scripts/init | 7 +++++++
 entrypoint.sh | 7 ++++++-
 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/backend/config/__init__.py b/backend/config/__init__.py
index f9dc28cdc..6c3e87ed0 100644
--- a/backend/config/__init__.py
+++ b/backend/config/__init__.py
@@ -1,5 +1,4 @@
 import os
-import secrets
 from typing import Final

 import yarl
@@ -9,7 +8,7 @@ load_dotenv()


 def str_to_bool(value: str) -> bool:
- return value.lower() in ("true", "1")
+ return value.strip().lower() in ("1", "true", "yes", "on")


 ROMM_BASE_URL = os.environ.get("ROMM_BASE_URL", "http://0.0.0.0")
@@ -98,9 +97,8 @@ HASHEOUS_API_ENABLED: Final = str_to_bool(
 TGDB_API_ENABLED: Final = str_to_bool(os.environ.get("TGDB_API_ENABLED", "false"))

 # AUTH
-ROMM_AUTH_SECRET_KEY: Final = os.environ.get(
- "ROMM_AUTH_SECRET_KEY", secrets.token_hex(32)
-)
+ROMM_AUTH_SECRET_KEY: Final = os.environ.get("ROMM_AUTH_SECRET_KEY")
+
 SESSION_MAX_AGE_SECONDS: Final = int(
 os.environ.get("SESSION_MAX_AGE_SECONDS", 14 * 24 * 60 * 60)
 ) # 14 days, in seconds
diff --git a/docker/init_scripts/init b/docker/init_scripts/init
index f2539f992..5944baf91 100755
--- a/docker/init_scripts/init
+++ b/docker/init_scripts/init
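Review bot: In backend/config/__init__.py the AUTH hunk leaves `ROMM_AUTH_SECRET_KEY` as `None` whenever the variable is absent, because `os.environ.get("ROMM_AUTH_SECRET_KEY")` no longer has a fallback. The key is now generated only by docker/init_scripts/init and entrypoint.sh, so a backend started any other way (tests, a local run, another process manager) would reach the token and session code with no key, and an empty string set in the environment passes through unchanged as well. How the consumers treat `None` or `""` is not visible in this patch; rejecting both at import time would make the failure explicit: `if not ROMM_AUTH_SECRET_KEY: raise RuntimeError("ROMM_AUTH_SECRET_KEY must be set to a non-empty value")`. With that check the annotation stays an honest `Final[str]` rather than an implicit `str | None`.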
@@ -275,6 +275,13 @@ if ! printenv | grep -q '^OTEL_'; then
 export OTEL_SDK_DISABLED=true
 fi

+# Set ROMM_AUTH_SECRET_KEY if not already set
+if [[ -z ${ROMM_AUTH_SECRET_KEY} ]]; then
+ ROMM_AUTH_SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))")
+ info_log "ROMM_AUTH_SECRET_KEY not set, generating random secret key"
+ export ROMM_AUTH_SECRET_KEY
+fi
+
 # Start Valkey server if REDIS_HOST is not set (which would mean user is using an external Redis/Valkey)
 if [[ -z ${REDIS_HOST} ]]; then
 watchdog_process_pid valkey-server
diff --git a/entrypoint.sh b/entrypoint.sh
index cf20b42a1..7c15d1d19 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-# trunk-ignore-all(shellcheck/SC2016)

 set -e

@@ -33,6 +32,12 @@ function handle_termination() {
 # Trap SIGTERM and SIGINT signals
 trap handle_termination SIGTERM SIGINT

+# Set ROMM_AUTH_SECRET_KEY if not already set
+if [[ -z ${ROMM_AUTH_SECRET_KEY} ]]; then
+ ROMM_AUTH_SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))")
+ export ROMM_AUTH_SECRET_KEY
+fi
+
 # Start all services in the background
 echo "Starting backend..."
 cd /app/backend
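Review bot: The output of the `python3 -c` call in the new block of docker/init_scripts/init is never checked, so a failed command exports an empty `ROMM_AUTH_SECRET_KEY`, and the backend no longer has a fallback of its own. Whether this script runs under `set -e` is not visible in the hunk; entrypoint.sh does show `set -e`, so its copy of the block would abort instead. A guard right after the assignment covers the init script either way: `[[ -n ${ROMM_AUTH_SECRET_KEY} ]] || { echo "could not generate ROMM_AUTH_SECRET_KEY" >&2; exit 1; }`. The exported value is also inherited by every process the script starts afterwards, such as the `valkey-server` visible in the context lines, so it may be worth scoping it to the backend processes that need it.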
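Review bot: The entrypoint.sh copy of the key-generation block is silent, while the init script logs `ROMM_AUTH_SECRET_KEY not set, generating random secret key`. A generated key lives only as long as this process tree, so tokens signed with it will presumably stop validating after a restart, and nothing tells the operator that an ephemeral key is in use. Suggest adding inside the `if`: `echo "ROMM_AUTH_SECRET_KEY not set, generating a random key for this run; set it explicitly to keep sessions valid across restarts"`. The block is also duplicated verbatim between the two scripts, so a comment in each pointing at the other would help keep them in step.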