Skip to content

Commit

Permalink
Move reva transfer secret to shared.Commons
Browse files Browse the repository at this point in the history
Signed-off-by: Christian Richter <[email protected]>
  • Loading branch information
dragonchaser committed Apr 26, 2022
1 parent a4d7696 commit 58a24e6
Show file tree
Hide file tree
Showing 9 changed files with 31 additions and 15 deletions.
8 changes: 6 additions & 2 deletions extensions/storage/pkg/config/defaults/defaultconfig.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package defaults

import (
"log"
"os"
"path"

Expand Down Expand Up @@ -36,7 +37,6 @@ func DefaultConfig() *config.Config {
Reva: config.Reva{
JWTSecret: "Pive-Fumkiu4",
SkipUserGroupsInToken: false,
TransferSecret: "replace-me-with-a-transfer-secret",
TransferExpires: 24 * 60 * 60,
OIDC: config.OIDC{
Issuer: defaultPublicURL,
Expand Down Expand Up @@ -460,7 +460,11 @@ func DefaultConfig() *config.Config {
}

func EnsureDefaults(cfg *config.Config) {
// TODO: IMPLEMENT ME!
if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
cfg.TransferSecret = cfg.Commons.TransferSecret
} else {
log.Fatal("reva transfer secret is not set up properly, bailing out (storage)")
}
}

func Sanitize(cfg *config.Config) {
Expand Down
2 changes: 1 addition & 1 deletion extensions/thumbnails/pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,6 @@ type Thumbnail struct {
CS3AllowInsecure bool `yaml:"cs3_allow_insecure,omitempty" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE"`
RevaGateway string `yaml:"reva_gateway,omitempty" env:"REVA_GATEWAY"` //TODO: use REVA config
FontMapFile string `yaml:"font_map_file,omitempty" env:"THUMBNAILS_TXT_FONTMAP_FILE"`
TransferTokenSecret string `yaml:"transfer_token,omitempty" env:"THUMBNAILS_TRANSFER_TOKEN"`
TransferSecret string `yaml:"transfer_secret,omitempty" env:"THUMBNAILS_TRANSFER_TOKEN"`
DataEndpoint string `yaml:"data_endpoint,omitempty" env:"THUMBNAILS_DATA_ENDPOINT"`
}
8 changes: 7 additions & 1 deletion extensions/thumbnails/pkg/config/defaults/defaultconfig.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package defaults

import (
"log"
"path"

"github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
Expand Down Expand Up @@ -44,7 +45,6 @@ func DefaultConfig() *config.Config {
WebdavAllowInsecure: false,
RevaGateway: "127.0.0.1:9142",
CS3AllowInsecure: false,
TransferTokenSecret: "changemeplease",
DataEndpoint: "http://127.0.0.1:9186/thumbnails/data",
},
}
Expand Down Expand Up @@ -73,6 +73,12 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}

if cfg.Thumbnail.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
cfg.Thumbnail.TransferSecret = cfg.Commons.TransferSecret
} else {
log.Fatalf("reva transfer secret is not set up properly, bailing out (%s)", cfg.Service.Name)
}
}

func Sanitize(cfg *config.Config) {
Expand Down
2 changes: 1 addition & 1 deletion extensions/thumbnails/pkg/service/grpc/v0/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func NewService(opts ...Option) decorators.DecoratedService {
TxtFontFileMap: options.Config.Thumbnail.FontMapFile,
},
dataEndpoint: options.Config.Thumbnail.DataEndpoint,
transferTokenSecret: options.Config.Thumbnail.TransferTokenSecret,
transferTokenSecret: options.Config.Thumbnail.TransferSecret,
}

return svc
Expand Down
2 changes: 1 addition & 1 deletion extensions/thumbnails/pkg/service/http/v0/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ func (s Thumbnails) TransferTokenValidator(next http.Handler) http.Handler {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return []byte(s.config.Thumbnail.TransferTokenSecret), nil
return []byte(s.config.Thumbnail.TransferSecret), nil
})
if err != nil {
s.logger.Error().
Expand Down
5 changes: 3 additions & 2 deletions ocis-pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,9 @@ type Config struct {

Registry string `yaml:"registry,omitempty"`
TokenManager *shared.TokenManager `yaml:"token_manager,omitempty"`
MachineAuthAPIKey string
Runtime Runtime `yaml:"runtime,omitempty"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
TransferSecret string `yaml:"transfer_secret,omitempty"`
Runtime Runtime `yaml:"runtime,omitempty"`

Audit *audit.Config `yaml:"audit,omitempty"`
Accounts *accounts.Config `yaml:"accounts,omitempty"`
Expand Down
6 changes: 6 additions & 0 deletions ocis-pkg/config/parser/parse.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,12 @@ func ParseConfig(cfg *config.Config) error {
log.Fatalf("machine auth api key is not set up properly, bailing out (ocis)")
}

if cfg.TransferSecret != "" {
cfg.Commons.TransferSecret = cfg.TransferSecret
} else {
log.Fatalf("reva transfer secret not properly set, bailing out (ocis)")
}

// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
Expand Down
1 change: 1 addition & 0 deletions ocis-pkg/shared/shared_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,4 +37,5 @@ type Commons struct {
OcisURL string `yaml:"ocis_url" env:"OCIS_URL"`
TokenManager *TokenManager `yaml:"token_manager"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
TransferSecret string `yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
}
12 changes: 5 additions & 7 deletions ocis/pkg/command/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import (
idm "github.com/owncloud/ocis/extensions/idm/pkg/config"
proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config"
storage "github.com/owncloud/ocis/extensions/storage/pkg/config"
thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
)

const configFilename string = "ocis.yaml"
Expand Down Expand Up @@ -110,8 +109,8 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
//Proxy: &proxy.Config{},
//OCS: &ocs.Config{},
//Settings: &settings.Config{},
Storage: &storage.Config{},
Thumbnails: &thumbnails.Config{},
Storage: &storage.Config{},
//Thumbnails: &thumbnails.Config{},
//Web: &web.Config{},
//WebDAV: &webdav.Config{},
}
Expand Down Expand Up @@ -145,7 +144,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
if err != nil {
return fmt.Errorf("Could not generate random password for machineauthsecret: %s", err)
}
thumbnailTransferTokenSecret, err := generators.GenerateRandomPassword(passwordLength)
revaTransferTokenSecret, err := generators.GenerateRandomPassword(passwordLength)
if err != nil {
return fmt.Errorf("Could not generate random password for machineauthsecret: %s", err)
}
Expand All @@ -154,10 +153,9 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
// TODO: REVA config is missing (LDAP + GROUP provider)
// TODO: graph needs IDM password configured
// TODO: add missing insecure occurences
// TODO: search for missing transfer secrets
// TODO: move transfersecret for all extensions to shared

cfg.MachineAuthAPIKey = machineAuthApiKey
cfg.TransferSecret = revaTransferTokenSecret
cfg.TokenManager.JWTSecret = tokenManagerJwtSecret
//cfg.Commons.TokenManager.JWTSecret = tokenManagerJwtSecret
//cfg.Accounts.TokenManager.JWTSecret = tokenManagerJwtSecret
Expand All @@ -176,7 +174,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
//cfg.Settings.TokenManager.JWTSecret = tokenManagerJwtSecret
cfg.Storage.Reva.JWTSecret = tokenManagerJwtSecret
cfg.Storage.OCDav.JWTSecret = tokenManagerJwtSecret
cfg.Thumbnails.Thumbnail.TransferTokenSecret = thumbnailTransferTokenSecret
//cfg.Thumbnails.Thumbnail.TransferSecret = revaTransferTokenSecret
yamlOutput, err := yaml.Marshal(cfg)
if err != nil {
return fmt.Errorf("Could not marshall config into yaml: %s", err)
Expand Down

0 comments on commit 58a24e6

Please sign in to comment.