ryan/simbarag
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix Obsidian sync race condition and block credentials.json from being served

Browse Source 
Run ob login and sync-setup in foreground before backgrounding sync to
prevent "Another sync instance is already running" error. Restrict the
catch-all route to only serve whitelisted static file extensions to
prevent sensitive files like credentials.json from being exposed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Ryan Chen
2026-05-30 23:59:29 -04:00
parent 5e0e2994c2
commit 47238f8567
2 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app.py
+28 -1
View File
@@ -68,11 +68,38 @@ async def static_files(filename):
return await send_from_directory(app.static_folder, filename) return await send_from_directory(app.static_folder, filename)
# Allowed file extensions for static frontend assets
ALLOWED_STATIC_EXTENSIONS = {
".html",
".css",
".js",
".svg",
".png",
".ico",
".jpg",
".jpeg",
".webp",
".woff",
".woff2",
".ttf",
".txt",
}
# JSON files explicitly allowed to be served (e.g. PWA manifest)
ALLOWED_JSON_FILES = {"manifest.json"}
# Serve the React app for all routes (catch-all) # Serve the React app for all routes (catch-all)
@app.route("/", defaults={"path": ""}) @app.route("/", defaults={"path": ""})
@app.route("/<path:path>") @app.route("/<path:path>")
async def serve_react_app(path): async def serve_react_app(path):
if path and os.path.exists(os.path.join(app.template_folder, path)): if path:
ext = os.path.splitext(path)[1].lower()
basename = os.path.basename(path)
allowed = ext in ALLOWED_STATIC_EXTENSIONS or (
ext == ".json" and basename in ALLOWED_JSON_FILES
)
if allowed and os.path.exists(os.path.join(app.template_folder, path)):
return await send_from_directory(app.template_folder, path) return await send_from_directory(app.template_folder, path)
return await render_template("index.html") return await render_template("index.html")
startup.sh
+5 -7
View File
@@ -12,19 +12,17 @@ if [ "${OBSIDIAN_CONTINUOUS_SYNC}" = "true" ]; then
VAULT_PATH="${OBSIDIAN_VAULT_PATH:-/app/data/obsidian}" VAULT_PATH="${OBSIDIAN_VAULT_PATH:-/app/data/obsidian}"
# Login # Login and setup sync (foreground, must complete before sync starts)
ob login --email "${OBSIDIAN_EMAIL}" --password "${OBSIDIAN_PASSWORD}" && \ if ob login --email "${OBSIDIAN_EMAIL}" --password "${OBSIDIAN_PASSWORD}" && \
# Setup sync for vault
ob sync-setup \ ob sync-setup \
--vault "${OBSIDIAN_VAULT_ID}" \ --vault "${OBSIDIAN_VAULT_ID}" \
--path "${VAULT_PATH}" \ --path "${VAULT_PATH}" \
--password "${OBSIDIAN_E2E_PASSWORD}" \ --password "${OBSIDIAN_E2E_PASSWORD}" \
--device-name "${OBSIDIAN_DEVICE_NAME:-simbarag}" && \ --device-name "${OBSIDIAN_DEVICE_NAME:-simbarag}"; then
# Start continuous sync in background # Start continuous sync in background
echo "Starting Obsidian continuous sync..." && \ echo "Starting Obsidian continuous sync..."
ob sync --continuous --path "${VAULT_PATH}" & ob sync --continuous --path "${VAULT_PATH}" &
else
if [ $? -ne 0 ]; then
echo "WARNING: Obsidian sync setup failed. Continuing without sync." echo "WARNING: Obsidian sync setup failed. Continuing without sync."
fi fi
fi fi