removed default master key and added warning log if not set

2024-09-21 07:46:04 +08:00 · 2022-02-14 09:58:50 -05:00 · 2022-02-14 09:58:50 -05:00 · 51fa553df3
parent 816e0a3dd6
commit 51fa553df3
6 changed files with 10 additions and 11 deletions
--- a/controllers/security.go
+++ b/controllers/security.go
@ -98,9 +98,9 @@ func SecurityCheck(reqAdmin bool, netname string, token string) (error, []string
 	return nil, userNetworks, username
 }

-//Consider a more secure way of setting master key
+// Consider a more secure way of setting master key
 func authenticateMaster(tokenString string) bool {
-	return tokenString == servercfg.GetMasterKey()
+	return tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != ""
 }

 //Consider a more secure way of setting master key
--- a/controllers/server.go
+++ b/controllers/server.go
@ -49,7 +49,7 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
 			returnErrorResponse(w, r, errorResponse)
 			return
 		}
-		if adminonly && !isadmin && !authenticateMasterServer(authToken) {
+		if adminonly && !isadmin && !authenticateMaster(authToken) {
 			returnErrorResponse(w, r, errorResponse)
 			return
 		}
@ -57,11 +57,6 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
 	}
 }

-//Consider a more secure way of setting master key
-func authenticateMasterServer(tokenString string) bool {
-	return tokenString == servercfg.GetMasterKey()
-}
-
 func removeNetwork(w http.ResponseWriter, r *http.Request) {
 	// Set header
 	w.Header().Set("Content-Type", "application/json")
--- a/logic/jwts.go
+++ b/logic/jwts.go
@ -55,7 +55,7 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
 func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
 	claims := &models.UserClaims{}

-	if tokenString == servercfg.GetMasterKey() {
+	if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
 		return "masteradministrator", nil, true, nil
 	}

@ -79,7 +79,7 @@ func VerifyToken(tokenString string) (nodeID string, mac string, network string,

 	//this may be a stupid way of serving up a master key
 	//TODO: look into a different method. Encryption?
-	if tokenString == servercfg.GetMasterKey() {
+	if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
 		return "mastermac", "", "", nil
 	}

--- a/BIN
+++ b/BIN
--- a/main.go
+++ b/main.go
@ -41,6 +41,10 @@ func main() {
 func initialize() { // Client Mode Prereq Check
 	var err error

+	if servercfg.GetMasterKey() == "" {
+		logger.Log(0, "warning: MASTER_KEY not set, this could make account recovery difficult")
+	}
+
 	if servercfg.GetNodeID() == "" {
 		logger.FatalLog("error: must set NODE_ID, currently blank")
 	}
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@ -266,7 +266,7 @@ func GetMessageQueueEndpoint() string {

 // GetMasterKey - gets the configured master key of server
 func GetMasterKey() string {
-	key := "secretkey"
+	key := ""
 	if os.Getenv("MASTER_KEY") != "" {
 		key = os.Getenv("MASTER_KEY")
 	} else if config.Config.Server.MasterKey != "" {