Add InternalTokenURI to load InteralToken from an external file (#5812)
This commit is contained in:
parent
91775c1125
commit
d7542bfde3
1 changed files with 73 additions and 25 deletions
|
@ -7,6 +7,8 @@ package setting
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
@ -1007,31 +1009,7 @@ func NewContext() {
|
||||||
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
|
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
|
||||||
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
||||||
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
|
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
|
||||||
InternalToken = sec.Key("INTERNAL_TOKEN").String()
|
InternalToken = loadInternalToken(sec)
|
||||||
if len(InternalToken) == 0 {
|
|
||||||
InternalToken, err = generate.NewInternalToken()
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(4, "Error generate internal token: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Save secret
|
|
||||||
cfgSave := ini.Empty()
|
|
||||||
if com.IsFile(CustomConf) {
|
|
||||||
// Keeps custom settings if there is already something.
|
|
||||||
if err := cfgSave.Append(CustomConf); err != nil {
|
|
||||||
log.Error(4, "Failed to load custom conf '%s': %v", CustomConf, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(InternalToken)
|
|
||||||
|
|
||||||
if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
|
|
||||||
log.Fatal(4, "Failed to create '%s': %v", CustomConf, err)
|
|
||||||
}
|
|
||||||
if err := cfgSave.SaveTo(CustomConf); err != nil {
|
|
||||||
log.Fatal(4, "Error saving generated JWT Secret to custom config: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
IterateBufferSize = Cfg.Section("database").Key("ITERATE_BUFFER_SIZE").MustInt(50)
|
IterateBufferSize = Cfg.Section("database").Key("ITERATE_BUFFER_SIZE").MustInt(50)
|
||||||
LogSQL = Cfg.Section("database").Key("LOG_SQL").MustBool(true)
|
LogSQL = Cfg.Section("database").Key("LOG_SQL").MustBool(true)
|
||||||
DBConnectRetries = Cfg.Section("database").Key("DB_RETRIES").MustInt(10)
|
DBConnectRetries = Cfg.Section("database").Key("DB_RETRIES").MustInt(10)
|
||||||
|
@ -1268,6 +1246,76 @@ func NewContext() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func loadInternalToken(sec *ini.Section) string {
|
||||||
|
uri := sec.Key("INTERNAL_TOKEN_URI").String()
|
||||||
|
if len(uri) == 0 {
|
||||||
|
return loadOrGenerateInternalToken(sec)
|
||||||
|
}
|
||||||
|
tempURI, err := url.Parse(uri)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(4, "Failed to parse INTERNAL_TOKEN_URI (%s): %v", uri, err)
|
||||||
|
}
|
||||||
|
switch tempURI.Scheme {
|
||||||
|
case "file":
|
||||||
|
fp, err := os.OpenFile(tempURI.RequestURI(), os.O_RDWR, 0600)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(4, "Failed to open InternalTokenURI (%s): %v", uri, err)
|
||||||
|
}
|
||||||
|
defer fp.Close()
|
||||||
|
|
||||||
|
buf, err := ioutil.ReadAll(fp)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(4, "Failed to read InternalTokenURI (%s): %v", uri, err)
|
||||||
|
}
|
||||||
|
// No token in the file, generate one and store it.
|
||||||
|
if len(buf) == 0 {
|
||||||
|
token, err := generate.NewInternalToken()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(4, "Error generate internal token: %v", err)
|
||||||
|
}
|
||||||
|
if _, err := io.WriteString(fp, token); err != nil {
|
||||||
|
log.Fatal(4, "Error writing to InternalTokenURI (%s): %v", uri, err)
|
||||||
|
}
|
||||||
|
return token
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(buf)
|
||||||
|
default:
|
||||||
|
log.Fatal(4, "Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri)
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func loadOrGenerateInternalToken(sec *ini.Section) string {
|
||||||
|
var err error
|
||||||
|
token := sec.Key("INTERNAL_TOKEN").String()
|
||||||
|
if len(token) == 0 {
|
||||||
|
token, err = generate.NewInternalToken()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(4, "Error generate internal token: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Save secret
|
||||||
|
cfgSave := ini.Empty()
|
||||||
|
if com.IsFile(CustomConf) {
|
||||||
|
// Keeps custom settings if there is already something.
|
||||||
|
if err := cfgSave.Append(CustomConf); err != nil {
|
||||||
|
log.Error(4, "Failed to load custom conf '%s': %v", CustomConf, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(token)
|
||||||
|
|
||||||
|
if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
|
||||||
|
log.Fatal(4, "Failed to create '%s': %v", CustomConf, err)
|
||||||
|
}
|
||||||
|
if err := cfgSave.SaveTo(CustomConf); err != nil {
|
||||||
|
log.Fatal(4, "Error saving generated INTERNAL_TOKEN to custom config: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return token
|
||||||
|
}
|
||||||
|
|
||||||
// NewServices initializes the services
|
// NewServices initializes the services
|
||||||
func NewServices() {
|
func NewServices() {
|
||||||
newService()
|
newService()
|
||||||
|
|
Reference in a new issue