[DOP-25329] Use SecretStr for cookie secret_key

dolfinus · dolfinus · commit 777ef820ed70 · 2025-06-10T18:40:18.000+03:00
diff --git a/syncmaster/server/middlewares/session.py b/syncmaster/server/middlewares/session.py
@@ -10,8 +10,8 @@
 def apply_session_middleware(app: FastAPI, settings: SessionSettings) -> FastAPI:
     """Add SessionMiddleware middleware to the application."""
 
-    app.add_middleware(
-        SessionMiddleware,
-        **settings.model_dump(),
-    )
+    settings_dict = settings.model_dump(exclude={"secret_key"})
+    settings_dict["secret_key"] = settings.secret_key.get_secret_value()
+
+    app.add_middleware(SessionMiddleware, **settings_dict)
     return app
diff --git a/syncmaster/server/settings/server/session.py b/syncmaster/server/settings/server/session.py
@@ -4,7 +4,7 @@
 
 import textwrap
 
-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import BaseModel, ConfigDict, Field, SecretStr
 
 
 class SessionSettings(BaseModel):
@@ -40,7 +40,7 @@ class SessionSettings(BaseModel):
 
     """
 
-    secret_key: str = Field(
+    secret_key: SecretStr = Field(
         description=textwrap.dedent(
             """
             Secret key for encrypting cookies.
