summaryrefslogtreecommitdiffstats
path: root/modules/setting
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2017-04-19 11:45:01 +0800
committerGitHub <noreply@github.com>2017-04-19 11:45:01 +0800
commit2eeae84cbd80544157a82c7f031489eaaceaa873 (patch)
treea275f41a3bb552df39724d4eca3dcdffe47dff8f /modules/setting
parentf42ec6120e8a2830407027020b65391ebf8e7f59 (diff)
downloadgitea-2eeae84cbd80544157a82c7f031489eaaceaa873.tar.gz
gitea-2eeae84cbd80544157a82c7f031489eaaceaa873.zip
Add internal routes for ssh hook comands (#1471)
* add internal routes for ssh hook comands * fix lint * add comment on why package named private not internal but the route name is internal * add comment above package private why package named private not internal but the route name is internal * remove exp time on internal access * move routes from /internal to /api/internal * add comment and defer on UpdatePublicKeyUpdated
Diffstat (limited to 'modules/setting')
-rw-r--r--modules/setting/setting.go56
1 files changed, 47 insertions, 9 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index c2e08b0c14..8a2db2b4ba 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -27,6 +27,7 @@ import (
"code.gitea.io/gitea/modules/user"
"github.com/Unknwon/com"
+ "github.com/dgrijalva/jwt-go"
_ "github.com/go-macaron/cache/memcache" // memcache plugin for cache
_ "github.com/go-macaron/cache/redis"
"github.com/go-macaron/session"
@@ -442,14 +443,15 @@ var (
ShowFooterTemplateLoadTime bool
// Global setting objects
- Cfg *ini.File
- CustomPath string // Custom directory path
- CustomConf string
- CustomPID string
- ProdMode bool
- RunUser string
- IsWindows bool
- HasRobotsTxt bool
+ Cfg *ini.File
+ CustomPath string // Custom directory path
+ CustomConf string
+ CustomPID string
+ ProdMode bool
+ RunUser string
+ IsWindows bool
+ HasRobotsTxt bool
+ InternalToken string // internal access token
)
// DateLang transforms standard language locale name to corresponding value in datetime plugin.
@@ -764,6 +766,43 @@ please consider changing to GITEA_CUSTOM`)
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
+ InternalToken = sec.Key("INTERNAL_TOKEN").String()
+ if len(InternalToken) == 0 {
+ secretBytes := make([]byte, 32)
+ _, err := io.ReadFull(rand.Reader, secretBytes)
+ if err != nil {
+ log.Fatal(4, "Error reading random bytes: %v", err)
+ }
+
+ secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
+
+ now := time.Now()
+ InternalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+ "nbf": now.Unix(),
+ }).SignedString([]byte(secretKey))
+
+ if err != nil {
+ log.Fatal(4, "Error generate internal token: %v", err)
+ }
+
+ // Save secret
+ cfgSave := ini.Empty()
+ if com.IsFile(CustomConf) {
+ // Keeps custom settings if there is already something.
+ if err := cfgSave.Append(CustomConf); err != nil {
+ log.Error(4, "Failed to load custom conf '%s': %v", CustomConf, err)
+ }
+ }
+
+ cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(InternalToken)
+
+ if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
+ log.Fatal(4, "Failed to create '%s': %v", CustomConf, err)
+ }
+ if err := cfgSave.SaveTo(CustomConf); err != nil {
+ log.Fatal(4, "Error saving generated JWT Secret to custom config: %v", err)
+ }
+ }
sec = Cfg.Section("attachment")
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
@@ -940,7 +979,6 @@ var Service struct {
EnableOpenIDSignUp bool
OpenIDWhitelist []*regexp.Regexp
OpenIDBlacklist []*regexp.Regexp
-
}
func newService() {