From 27bd5ce1a4ce26d0c7ce5d54daaed92c26f4caeb Mon Sep 17 00:00:00 2001
From: Simon L
Date: Sun, 25 Dec 2022 02:26:32 +0100
Subject: [PATCH] secrets should only get generated if defined in secrets of container.json
Signed-off-by: Simon L
---
 php/public/index.php | 4 ++--
 php/src/Data/ConfigurationManager.php | 13 +++++++++++--
 php/src/Docker/DockerActionManager.php | 10 +++++++++-
 3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/php/public/index.php b/php/public/index.php
index d469264b..aaf829c8 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -77,9 +77,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
 return $view->render($response, 'containers.twig', [
 'domain' => $configurationManager->GetDomain(),
 'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
- 'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+ 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
- 'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+ 'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
 'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 9d21922e..0a265fd9 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -32,7 +32,7 @@ class ConfigurationManager
 $this->WriteConfig($config);
 }
 
- public function GetSecret(string $secretId) : string {
+ public function GetAndGenerateSecret(string $secretId) : string {
 $config = $this->GetConfig();
 if(!isset($config['secrets'][$secretId])) {
 $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
 return $config['secrets'][$secretId];
 }
 
+ public function GetSecret(string $secretId) : string {
+ $config = $this->GetConfig();
+ if(!isset($config['secrets'][$secretId])) {
+ $config['secrets'][$secretId] = "";
+ }
+
+ return $config['secrets'][$secretId];
+ }
+
 private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
 file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
 }
@@ -269,7 +278,7 @@ class ConfigurationManager
 }
 
 // Get Instance ID
- $instanceID = $this->GetSecret('INSTANCE_ID');
+ $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
 
 // set protocol
 if ($port !== '443') {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9550dd44..bf357981 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -230,6 +230,10 @@ class DockerActionManager
 $requestBody['HostConfig']['Binds'] = $volumes;
 }
 
+ foreach($container->GetSecrets() as $secret) {
+ $this->configurationManager->GetAndGenerateSecret($secret);
+ }
+
 $envs = $container->GetEnvironmentVariables()->GetVariables();
 foreach($envs as $key => $env) {
 $patterns = ['/%(.*)%/'];
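Review bot: In the new GetSecret (hunk -46), the assignment `$config['secrets'][$secretId] = "";` writes into a local copy of the config that is never persisted, so it only acts as a default; `return $config['secrets'][$secretId] ?? '';` expresses the same in one line. The empty string is now the sentinel for "no such secret", which every caller has to compare against (DockerActionManager does so in the hunk at line 341), so a docblock such as `/** Returns the stored secret for $secretId, or '' when none exists; never generates one — see GetAndGenerateSecret. */` would make that contract explicit and keep the two near-identical method names from being mixed up. A typed constant or a dedicated exception would be a sturdier signal than '' but is a larger change than this commit needs.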
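Review bot: The loop added ahead of the environment-variable substitution (hunk -230) discards the return value of GetAndGenerateSecret, so its intent — ensuring every secret the container declares exists before the `%NAME%` placeholders are resolved further down in this method — is not visible from the code; a comment such as `// Make sure every secret declared for this container exists before the placeholder substitution below looks it up` would make that clear. Each iteration appears to re-read the configuration and presumably writes it back whenever a secret is missing; if so, collecting the missing ids and generating them with a single write would avoid repeated file I/O, though that depends on GetAndGenerateSecret's body, which lies outside its hunk. The enclosing method starts and ends outside this hunk.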
@@ -337,7 +341,11 @@ class DockerActionManager
 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
 $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
 } else {
- $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+ $secret = $this->configurationManager->GetSecret($out[1]);
+ if ($secret === "") {
+ throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+ }
+ $replacements[1] = $secret;
 }
 $envs[$key] = preg_replace($patterns, $replacements, $env);