diff options
| author | Norwin <noerw@users.noreply.github.com> | 2021-05-31 08:25:47 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-31 04:25:47 -0400 |
| commit | cb940c4312981893fdb54cbd0e07520546776b34 (patch) | |
| tree | 69ade3dd15712647ba04186008d3ffab203edf49 /models/migrations/v180.go | |
| parent | 256b1a35615487f27878422f877f25be3f066f54 (diff) | |
| download | gitea-cb940c4312981893fdb54cbd0e07520546776b34.tar.gz gitea-cb940c4312981893fdb54cbd0e07520546776b34.zip | |
Encrypt migration credentials at rest (#15895)
* encrypt migration credentials in task persistence
Not sure this is the best approach, we could encrypt the entire
`PayloadContent` instead. Also instead of clearing individual fields in
payload content, we could just delete the task once it has
(successfully) finished..?
* remove credentials of past migrations
* only run DB migration for completed tasks
* fix binding
* add omitempty
* never serialize unencrypted credentials
* fix import order
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'models/migrations/v180.go')
| -rw-r--r-- | models/migrations/v180.go | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/models/migrations/v180.go b/models/migrations/v180.go new file mode 100644 index 0000000000..c2a3ff961a --- /dev/null +++ b/models/migrations/v180.go @@ -0,0 +1,74 @@ +// Copyright 2021 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "code.gitea.io/gitea/models" + "code.gitea.io/gitea/modules/migrations/base" + "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/modules/util" + + jsoniter "github.com/json-iterator/go" + "xorm.io/builder" + "xorm.io/xorm" +) + +func deleteMigrationCredentials(x *xorm.Engine) (err error) { + const batchSize = 100 + + // only match migration tasks, that are not pending or running + cond := builder.Eq{ + "type": structs.TaskTypeMigrateRepo, + }.And(builder.Gte{ + "status": structs.TaskStatusStopped, + }) + + sess := x.NewSession() + defer sess.Close() + + for start := 0; ; start += batchSize { + tasks := make([]*models.Task, 0, batchSize) + if err = sess.Limit(batchSize, start).Where(cond, 0).Find(&tasks); err != nil { + return + } + if len(tasks) == 0 { + break + } + if err = sess.Begin(); err != nil { + return + } + for _, t := range tasks { + if t.PayloadContent, err = removeCredentials(t.PayloadContent); err != nil { + return + } + if _, err = sess.ID(t.ID).Cols("payload_content").Update(t); err != nil { + return + } + } + if err = sess.Commit(); err != nil { + return + } + } + return +} + +func removeCredentials(payload string) (string, error) { + var opts base.MigrateOptions + json := jsoniter.ConfigCompatibleWithStandardLibrary + err := json.Unmarshal([]byte(payload), &opts) + if err != nil { + return "", err + } + + opts.AuthPassword = "" + opts.AuthToken = "" + opts.CloneAddr = util.SanitizeURLCredentials(opts.CloneAddr, true) + + confBytes, err := json.Marshal(opts) + if err != nil { + return "", err + } + return string(confBytes), nil +} |