mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-21 07:46:04 +08:00
removed default master key and added warning log if not set
parent
816e0a3dd6
commit
51fa553df3
|
@ -98,9 +98,9 @@ func SecurityCheck(reqAdmin bool, netname string, token string) (error, []string
|
|||
return nil, userNetworks, username
|
||||
}
|
||||
|
||||
//Consider a more secure way of setting master key
|
||||
// Consider a more secure way of setting master key
|
||||
func authenticateMaster(tokenString string) bool {
|
||||
return tokenString == servercfg.GetMasterKey()
|
||||
return tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != ""
|
||||
}
|
||||
|
||||
//Consider a more secure way of setting master key
|
||||
|
|
|
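Review bot: `authenticateMaster` compares the secret with `==`, which is not constant-time, and it calls `servercfg.GetMasterKey()` twice, so the value compared and the value checked for emptiness come from separate reads. Reading the key once and using `crypto/subtle` covers both: `key := servercfg.GetMasterKey()` followed by `return key != "" && subtle.ConstantTimeCompare([]byte(tokenString), []byte(key)) == 1`. The same comparison appears in the `VerifyUserToken` and `VerifyToken` hunks. The import block is outside this hunk, so `crypto/subtle` would need adding there. The stray `//Consider a more secure way of setting master key` line left after the function no longer sits above anything and could be dropped.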
@ -49,7 +49,7 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
|
|||
returnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
if adminonly && !isadmin && !authenticateMasterServer(authToken) {
|
||||
if adminonly && !isadmin && !authenticateMaster(authToken) {
|
||||
returnErrorResponse(w, r, errorResponse)
|
||||
return
|
||||
}
|
||||
|
@ -57,11 +57,6 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
|
|||
}
|
||||
}
|
||||
|
||||
//Consider a more secure way of setting master key
|
||||
func authenticateMasterServer(tokenString string) bool {
|
||||
return tokenString == servercfg.GetMasterKey()
|
||||
}
|
||||
|
||||
func removeNetwork(w http.ResponseWriter, r *http.Request) {
|
||||
// Set header
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
|
|
@ -55,7 +55,7 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
|
|||
func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
|
||||
claims := &models.UserClaims{}
|
||||
|
||||
if tokenString == servercfg.GetMasterKey() {
|
||||
if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
|
||||
return "masteradministrator", nil, true, nil
|
||||
}
|
||||
|
||||
|
@ -79,7 +79,7 @@ func VerifyToken(tokenString string) (nodeID string, mac string, network string,
|
|||
|
||||
//this may be a stupid way of serving up a master key
|
||||
//TODO: look into a different method. Encryption?
|
||||
if tokenString == servercfg.GetMasterKey() {
|
||||
if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
|
||||
return "mastermac", "", "", nil
|
||||
}
|
||||
|
||||
|
|
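Review bot: The empty-key guard is written out inline in both `VerifyUserToken` and `VerifyToken`, as well as in `authenticateMaster`, so any later call site that compares against `GetMasterKey()` without the `!= ""` clause would again accept an empty token. Consider putting the check in one helper next to `GetMasterKey` (a `servercfg` function taking the token and returning a bool) and calling it from all three places. The `//this may be a stupid way of serving up a master key` comment could then be replaced with one stating that an unset key disables this path. Both function bodies continue outside the hunks.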
4
main.go
4
main.go
|
@ -41,6 +41,10 @@ func main() {
|
|||
func initialize() { // Client Mode Prereq Check
|
||||
var err error
|
||||
|
||||
if servercfg.GetMasterKey() == "" {
|
||||
logger.Log(0, "warning: MASTER_KEY not set, this could make account recovery difficult")
|
||||
}
|
||||
|
||||
if servercfg.GetNodeID() == "" {
|
||||
logger.FatalLog("error: must set NODE_ID, currently blank")
|
||||
}
|
||||
|
|
|
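Review bot: The warning in `initialize` mentions only account recovery and does not tell the operator that master-key authentication is now disabled when the key is unset. That is the behaviour change for any deployment that relied on the removed built-in default. Suggested wording: `logger.Log(0, "warning: MASTER_KEY not set, master key authentication is disabled; this could make account recovery difficult")`. It may also be worth logging a warning when the configured key still equals the old default `"secretkey"`, since that value is visible in the repository history. The body of `initialize` continues outside the hunk.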
@ -266,7 +266,7 @@ func GetMessageQueueEndpoint() string {
|
|||
|
||||
// GetMasterKey - gets the configured master key of server
|
||||
func GetMasterKey() string {
|
||||
key := "secretkey"
|
||||
key := ""
|
||||
if os.Getenv("MASTER_KEY") != "" {
|
||||
key = os.Getenv("MASTER_KEY")
|
||||
} else if config.Config.Server.MasterKey != "" {
|
||||
|
|
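Review bot: The doc comment on `GetMasterKey` does not state the new contract, that an empty string now means no key is configured and callers must reject it. Proposed comment: `// GetMasterKey - gets the configured master key of server; returns "" when none is set, which callers must treat as master key authentication disabled`. As a style point, `key := ""` reads more idiomatically as `var key string`, and `os.Getenv("MASTER_KEY")` is called twice where one read into a local would do. The function body continues past the end of the hunk.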