author | Lunny Xiao <xiaolunwen@gmail.com> | 2017-04-19 11:45:01 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-19 11:45:01 +0800 |
commit | 2eeae84cbd80544157a82c7f031489eaaceaa873 (patch) | |
tree | a275f41a3bb552df39724d4eca3dcdffe47dff8f /modules/setting/setting.go | |
parent | f42ec6120e8a2830407027020b65391ebf8e7f59 (diff) | |
Add internal routes for ssh hook comands (#1471)
* add internal routes for ssh hook commands
* fix lint
* add comment on why package named private not internal but the route name is internal
* add comment above package private why package named private not internal but the route name is internal
* remove exp time on internal access
* move routes from /internal to /api/internal
* add comment and defer on UpdatePublicKeyUpdated
Diffstat (limited to 'modules/setting/setting.go')
-rw-r--r-- | modules/setting/setting.go | 56 |
1 files changed, 47 insertions, 9 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index c2e08b0c14..8a2db2b4ba 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -27,6 +27,7 @@ import (
 "code.gitea.io/gitea/modules/user"
 "github.com/Unknwon/com"
+ "github.com/dgrijalva/jwt-go"
 _ "github.com/go-macaron/cache/memcache" // memcache plugin for cache
 _ "github.com/go-macaron/cache/redis"
 "github.com/go-macaron/session"
@@ -442,14 +443,15 @@ var (
 ShowFooterTemplateLoadTime bool
 // Global setting objects
- Cfg *ini.File
- CustomPath string // Custom directory path
- CustomConf string
- CustomPID string
- ProdMode bool
- RunUser string
- IsWindows bool
- HasRobotsTxt bool
+ Cfg *ini.File
+ CustomPath string // Custom directory path
+ CustomConf string
+ CustomPID string
+ ProdMode bool
+ RunUser string
+ IsWindows bool
+ HasRobotsTxt bool
+ InternalToken string // internal access token
 )
 // DateLang transforms standard language locale name to corresponding value in datetime plugin.
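Review bot: The new `github.com/dgrijalva/jwt-go` import looks heavier than what this file needs from it. In the hunk at -764 its only use is `jwt.NewWithClaims(...).SignedString([]byte(secretKey))`, where `secretKey` is generated and then dropped, so nothing can later verify the signature and the result can only be compared as an opaque string. If the other files of this commit (not shown in this single-file view) do not parse the token either, `InternalToken = base64.RawURLEncoding.EncodeToString(secretBytes)` gives the same 256 bits of randomness without adding a third-party dependency to the settings loader.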
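Review bot: `InternalToken` is an exported, mutable package variable that holds a credential, and the comment `// internal access token` does not tell a reader that. I would document it as a secret, for example `InternalToken string // shared secret for the /api/internal routes; never log it or render it in templates`, so that any code which dumps the settings package knows to skip it. Wherever the routes check it (outside this file), the comparison should presumably use `subtle.ConstantTimeCompare` rather than `==`. The `var (` block starts outside the hunk.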
@@ -764,6 +766,43 @@ please consider changing to GITEA_CUSTOM`)
 ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
 MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
 ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
+ InternalToken = sec.Key("INTERNAL_TOKEN").String()
+ if len(InternalToken) == 0 {
+ secretBytes := make([]byte, 32)
+ _, err := io.ReadFull(rand.Reader, secretBytes)
+ if err != nil {
+ log.Fatal(4, "Error reading random bytes: %v", err)
+ }
+
+ secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
+
+ now := time.Now()
+ InternalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+ "nbf": now.Unix(),
+ }).SignedString([]byte(secretKey))
+
+ if err != nil {
+ log.Fatal(4, "Error generate internal token: %v", err)
+ }
+
+ // Save secret
+ cfgSave := ini.Empty()
+ if com.IsFile(CustomConf) {
+ // Keeps custom settings if there is already something.
+ if err := cfgSave.Append(CustomConf); err != nil {
+ log.Error(4, "Failed to load custom conf '%s': %v", CustomConf, err)
+ }
+ }
+
+ cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(InternalToken)
+
+ if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
+ log.Fatal(4, "Failed to create '%s': %v", CustomConf, err)
+ }
+ if err := cfgSave.SaveTo(CustomConf); err != nil {
+ log.Fatal(4, "Error saving generated JWT Secret to custom config: %v", err)
+ }
+ }
 sec = Cfg.Section("attachment")
 AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
@@ -940,7 +979,6 @@ var Service struct {
 EnableOpenIDSignUp bool
 OpenIDWhitelist []*regexp.Regexp
 OpenIDBlacklist []*regexp.Regexp
-
 }
 func newService() { |
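Review bot: The generated `INTERNAL_TOKEN` is written to `CustomConf` without restricting who can read it. `os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm)` asks for 0777 on the directory, and `cfgSave.SaveTo(CustomConf)` presumably creates the file with the library's default mode, so only the process umask keeps other local accounts from reading a credential that authenticates the internal routes. I would create the directory with `os.MkdirAll(filepath.Dir(CustomConf), 0700)` and follow the save with a checked `os.Chmod(CustomConf, 0600)`. Separately, a failed `cfgSave.Append(CustomConf)` is only reported with `log.Error`, after which `SaveTo` overwrites the existing file with just the `[security]` section; that branch should be `log.Fatal` like its neighbours. The enclosing function starts and ends outside the hunk.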