FIX: fixed cache folder being publically exposed, FIX: added .secure folder and move cookies into secured location as required

mylar/auth32p.py

@@ -69,7 +69,7 @@ class info32p(object):
         try:
             with cfscrape.create_scraper() as s:
                 s.headers = self.headers
-                cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat"))
+                cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
                 cj.load()
                 s.cookies = cj
 
@@ -248,7 +248,7 @@ class info32p(object):
 
         with cfscrape.create_scraper() as s:
             s.headers = self.headers
-            cj = LWPCookieJar(os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat"))
+            cj = LWPCookieJar(os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat"))
             cj.load()
             s.cookies = cj
             data = []
@@ -403,7 +403,7 @@ class info32p(object):
             except Exception as e:
                 logger.error('%s Can\'t create session with cfscrape' % self.module)
 
-            self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.CACHE_DIR, ".32p_cookies.dat")
+            self.session_path = session_path if session_path is not None else os.path.join(mylar.CONFIG.SECURE_DIR, ".32p_cookies.dat")
             self.ses.cookies = LWPCookieJar(self.session_path)
             if not os.path.exists(self.session_path):
                 logger.fdebug('%s Session cookie does not exist. Signing in and Creating.' % self.module)

mylar/config.py

@@ -3,6 +3,7 @@ from collections import OrderedDict
 from operator import itemgetter
 
 import os
+import glob
 import codecs
 import shutil
 import re
@@ -74,6 +75,7 @@ _CONFIG_DEFINITIONS = OrderedDict({
     'ALTERNATE_LATEST_SERIES_COVERS': (bool, 'General', False),
     'SHOW_ICONS': (bool, 'General', False),
     'FORMAT_BOOKTYPE': (bool, 'General', False),
+    'SECURE_DIR': (str, 'General', None),
 
     'RSS_CHECKINTERVAL': (int, 'Scheduler', 20),
     'SEARCH_INTERVAL': (int, 'Scheduler', 360),
@@ -770,6 +772,25 @@ class Config(object):
             except OSError:
                 logger.error('[Cache Check] Could not create cache dir. Check permissions of datadir: ' + mylar.DATA_DIR)
 
+
+        if not self.SECURE_DIR:
+            self.SECURE_DIR = os.path.join(mylar.DATA_DIR, '.secure')
+
+        if not os.path.exists(self.SECURE_DIR):
+            try:
+               os.makedirs(self.SECURE_DIR)
+            except OSError:
+                logger.error('[Secure DIR Check] Could not create secure directory. Check permissions of datadir: ' + mylar.DATA_DIR)
+
+        #make sure the cookies.dat file is not in cache
+        for f in glob.glob(os.path.join(self.CACHE_DIR, '.32p_cookies.dat')):
+             try:
+                 if os.path.isfile(f):
+                     shutil.move(f, os.path.join(self.SECURE_DIR, '.32p_cookies.dat'))
+             except Exception as e:
+                 logger.error('SECURE-DIR-MOVE] Unable to move cookies file into secure location. This is a fatal error.')
+                 sys.exit()
+
         if all([self.GRABBAG_DIR is None, self.DESTINATION_DIR is not None]):
             self.GRABBAG_DIR = os.path.join(self.DESTINATION_DIR, 'Grabbag')
             logger.fdebug('[Grabbag Directory] Setting One-Off directory to default location: %s' % self.GRABBAG_DIR)

mylar/webstart.py

@@ -99,9 +99,7 @@ def initialize(options):
         },
         '/cache': {
             'tools.staticdir.on': True,
-            'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR,
-            'tools.auth_basic.on': False,
-            'tools.auth.on': False
+            'tools.staticdir.dir': mylar.CONFIG.CACHE_DIR
         }
     }