support hypercorn server_names against dns rebind attacks, add cookie sessions to flash messages

src/capport/config.py

@@ -7,16 +7,28 @@ import typing
 import yaml
 
 
+_cached_config: typing.Optional[Config] = None
+
+
 @dataclasses.dataclass
 class Config:
     controllers: typing.List[str]
-    secret: str
+    server_names: typing.List[str]
+    comm_secret: str
+    cookie_secret: str
     venue_info_url: typing.Optional[str]
     session_timeout: int  # in seconds
     debug: bool
 
     @staticmethod
-    def load(filename: typing.Optional[str]=None) -> 'Config':
+    def load_default_once() -> Config:
+        global _cached_config
+        if not _cached_config:
+            _cached_config = Config.load()
+        return _cached_config
+
+    @staticmethod
+    def load(filename: typing.Optional[str]=None) -> Config:
         if filename is None:
             for name in ('capport.yaml', '/etc/capport.yaml'):
                 if os.path.exists(name):
@@ -27,7 +39,9 @@ class Config:
         controllers = list(map(str, data['controllers']))
         return Config(
             controllers=controllers,
-            secret=str(data['secret']),
+            server_names=data.get('server-names', []),
+            comm_secret=str(data.get('comm-secret', None) or data['secret']),
+            cookie_secret=str(data['cookie-secret']),
             venue_info_url=str(data.get('venue-info-url')),
             session_timeout=data.get('session-timeout', 3600),
             debug=data.get('debug', False)