milwright commited on
Commit
9db5665
·
1 Parent(s): cec8c79

Fix: Use session state for per-user credential storage to prevent credential sharing across sessions

Browse files
Files changed (1) hide show
  1. advanced_scraper_ui.py +29 -8
advanced_scraper_ui.py CHANGED
@@ -498,15 +498,36 @@ def main():
498
  """)
499
 
500
  with cred_col2:
501
- # Try to load from .env file
502
- load_dotenv()
503
- default_client_id = os.environ.get("REDDIT_CLIENT_ID", "")
504
- default_client_secret = os.environ.get("REDDIT_CLIENT_SECRET", "")
505
- default_user_agent = os.environ.get("REDDIT_USER_AGENT", "RedditScraperApp/1.0")
 
 
506
 
507
- client_id = st.text_input("Client ID", value=default_client_id)
508
- client_secret = st.text_input("Client Secret", value=default_client_secret, type="password")
509
- user_agent = st.text_input("User Agent", value=default_user_agent)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
510
 
511
  save_as_env = st.checkbox("Save credentials for future use (.env file)", value=False)
512
 
 
498
  """)
499
 
500
  with cred_col2:
501
+ # Initialize session state for credentials if they don't exist
502
+ if 'client_id' not in st.session_state:
503
+ st.session_state.client_id = ""
504
+ if 'client_secret' not in st.session_state:
505
+ st.session_state.client_secret = ""
506
+ if 'user_agent' not in st.session_state:
507
+ st.session_state.user_agent = "RedditScraperApp/1.0"
508
 
509
+ # In development environment, try to load from .env file for convenience
510
+ # But don't do this in production to avoid credential leakage
511
+ is_local_dev = not os.environ.get('SPACE_ID') and not os.environ.get('SYSTEM')
512
+ if is_local_dev:
513
+ load_dotenv()
514
+ # Only load from env if session state is empty (first load)
515
+ if not st.session_state.client_id:
516
+ st.session_state.client_id = os.environ.get("REDDIT_CLIENT_ID", "")
517
+ if not st.session_state.client_secret:
518
+ st.session_state.client_secret = os.environ.get("REDDIT_CLIENT_SECRET", "")
519
+ if st.session_state.user_agent == "RedditScraperApp/1.0":
520
+ st.session_state.user_agent = os.environ.get("REDDIT_USER_AGENT", "RedditScraperApp/1.0")
521
+
522
+ # Use session state for the input values
523
+ client_id = st.text_input("Client ID", value=st.session_state.client_id, key="client_id_input")
524
+ client_secret = st.text_input("Client Secret", value=st.session_state.client_secret, type="password", key="client_secret_input")
525
+ user_agent = st.text_input("User Agent", value=st.session_state.user_agent, key="user_agent_input")
526
+
527
+ # Update session state when input changes
528
+ st.session_state.client_id = client_id
529
+ st.session_state.client_secret = client_secret
530
+ st.session_state.user_agent = user_agent
531
 
532
  save_as_env = st.checkbox("Save credentials for future use (.env file)", value=False)
533