fix: Handle empty FLASK_SECRET_KEY in config (v0.9.5)

os.getenv() returns empty string instead of using default when env var is set but empty. This caused SECRET_KEY to be empty when FLASK_SECRET_KEY="" was in .env, breaking Flask sessions/flash messages. Now treats empty string same as unset, properly falling back to SESSION_SECRET. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-23 19:36:08 -07:00
parent a6f3fbaae4
commit 9c65723e9d
3 changed files with 13 additions and 5 deletions
--- a/starpunk/init.py
+++ b/starpunk/init.py
@@ -153,5 +153,5 @@ def create_app(config=None):

 # Package version (Semantic Versioning 2.0.0)
 # See docs/standards/versioning-strategy.md for details
-__version__ = "0.9.4"
-__version_info__ = (0, 9, 4)
+__version__ = "0.9.5"
+__version_info__ = (0, 9, 5)
--- a/starpunk/config.py
+++ b/starpunk/config.py
@@ -44,9 +44,9 @@ def load_config(app, config_override=None):
        )

    # Flask secret key (uses SESSION_SECRET by default)
-    app.config["SECRET_KEY"] = os.getenv(
-        "FLASK_SECRET_KEY", app.config["SESSION_SECRET"]
-    )
+    # Note: We check for truthy value to handle empty string in .env
+    flask_secret = os.getenv("FLASK_SECRET_KEY")
+    app.config["SECRET_KEY"] = flask_secret if flask_secret else app.config["SESSION_SECRET"]

    # Data paths
    app.config["DATA_PATH"] = Path(os.getenv("DATA_PATH", "./data"))