gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-11-12 09:40:46 +08:00
Code Issues Projects Releases Packages Wiki Activity

removed default master key and added warning log if not set

Browse source
This commit is contained in:
0xdcarns 2022-02-14 09:58:50 -05:00
parent 816e0a3dd6
commit 51fa553df3
6 changed files with 10 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
controllers/security.go
View file

@ -98,9 +98,9 @@ func SecurityCheck(reqAdmin bool, netname string, token string) (error, []string
return nil, userNetworks, username return nil, userNetworks, username
} }
//Consider a more secure way of setting master key // Consider a more secure way of setting master key
func authenticateMaster(tokenString string) bool { func authenticateMaster(tokenString string) bool {
return tokenString == servercfg.GetMasterKey() return tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != ""
} }
//Consider a more secure way of setting master key //Consider a more secure way of setting master key

7
controllers/server.go
View file

@ -49,7 +49,7 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return return
} }
if adminonly && !isadmin && !authenticateMasterServer(authToken) { if adminonly && !isadmin && !authenticateMaster(authToken) {
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return return
} }
@ -57,11 +57,6 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
} }
} }
//Consider a more secure way of setting master key
func authenticateMasterServer(tokenString string) bool {
return tokenString == servercfg.GetMasterKey()
}
func removeNetwork(w http.ResponseWriter, r *http.Request) { func removeNetwork(w http.ResponseWriter, r *http.Request) {
// Set header // Set header
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")

4
logic/jwts.go
View file

@ -55,7 +55,7 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) { func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
claims := &models.UserClaims{} claims := &models.UserClaims{}
if tokenString == servercfg.GetMasterKey() { if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
return "masteradministrator", nil, true, nil return "masteradministrator", nil, true, nil
} }
@ -79,7 +79,7 @@ func VerifyToken(tokenString string) (nodeID string, mac string, network string,
//this may be a stupid way of serving up a master key //this may be a stupid way of serving up a master key
//TODO: look into a different method. Encryption? //TODO: look into a different method. Encryption?
if tokenString == servercfg.GetMasterKey() { if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
return "mastermac", "", "", nil return "mastermac", "", "", nil
} }

BIN
main
View file

Binary file not shown.

4
main.go
View file

@ -41,6 +41,10 @@ func main() {
func initialize() { // Client Mode Prereq Check func initialize() { // Client Mode Prereq Check
var err error var err error
if servercfg.GetMasterKey() == "" {
logger.Log(0, "warning: MASTER_KEY not set, this could make account recovery difficult")
}
if servercfg.GetNodeID() == "" { if servercfg.GetNodeID() == "" {
logger.FatalLog("error: must set NODE_ID, currently blank") logger.FatalLog("error: must set NODE_ID, currently blank")
} }

2
servercfg/serverconf.go
View file

@ -266,7 +266,7 @@ func GetMessageQueueEndpoint() string {
// GetMasterKey - gets the configured master key of server // GetMasterKey - gets the configured master key of server
func GetMasterKey() string { func GetMasterKey() string {
key := "secretkey" key := ""
if os.Getenv("MASTER_KEY") != "" { if os.Getenv("MASTER_KEY") != "" {
key = os.Getenv("MASTER_KEY") key = os.Getenv("MASTER_KEY")
} else if config.Config.Server.MasterKey != "" { } else if config.Config.Server.MasterKey != "" {