nextcloud/all-in-one
1
1
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2024-12-27 09:10:58 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1596 from nextcloud/enh/noid/pre-generate-secrets

Browse source 
secrets should only get generated if defined in secrets of container.…
This commit is contained in:
Simon L 2022-12-30 20:51:21 +01:00 committed by GitHub
commit 9c968d33b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
php/public/index.php
View file

@ -77,9 +77,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
return $view->render($response, 'containers.twig', [ return $view->render($response, 'containers.twig', [
'domain' => $configurationManager->GetDomain(), 'domain' => $configurationManager->GetDomain(),
'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(), 'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'), 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'), 'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(), 'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(), 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),

13
php/src/Data/ConfigurationManager.php
View file

@ -32,7 +32,7 @@ class ConfigurationManager
$this->WriteConfig($config); $this->WriteConfig($config);
} }
public function GetSecret(string $secretId) : string { public function GetAndGenerateSecret(string $secretId) : string {
$config = $this->GetConfig(); $config = $this->GetConfig();
if(!isset($config['secrets'][$secretId])) { if(!isset($config['secrets'][$secretId])) {
$config['secrets'][$secretId] = bin2hex(random_bytes(24)); $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@ -46,6 +46,15 @@ class ConfigurationManager
return $config['secrets'][$secretId]; return $config['secrets'][$secretId];
} }
public function GetSecret(string $secretId) : string {
$config = $this->GetConfig();
if(!isset($config['secrets'][$secretId])) {
$config['secrets'][$secretId] = "";
}
return $config['secrets'][$secretId];
}
private function DoubleSafeBackupSecret(string $borgBackupPassword) : void { private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword); file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
} }
@ -269,7 +278,7 @@ class ConfigurationManager
} }
// Get Instance ID // Get Instance ID
$instanceID = $this->GetSecret('INSTANCE_ID'); $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
// set protocol // set protocol
if ($port !== '443') { if ($port !== '443') {

10
php/src/Docker/DockerActionManager.php
View file

@ -228,6 +228,10 @@ class DockerActionManager
$requestBody['HostConfig']['Binds'] = $volumes; $requestBody['HostConfig']['Binds'] = $volumes;
} }
foreach($container->GetSecrets() as $secret) {
$this->configurationManager->GetAndGenerateSecret($secret);
}
$envs = $container->GetEnvironmentVariables()->GetVariables(); $envs = $container->GetEnvironmentVariables()->GetVariables();
foreach($envs as $key => $env) { foreach($envs as $key => $env) {
$patterns = ['/%(.*)%/']; $patterns = ['/%(.*)%/'];
@ -335,7 +339,11 @@ class DockerActionManager
} elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') { } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
$replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions(); $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
} else { } else {
$replacements[1] = $this->configurationManager->GetSecret($out[1]); $secret = $this->configurationManager->GetSecret($out[1]);
if ($secret === "") {
throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
}
$replacements[1] = $secret;
} }
$envs[$key] = preg_replace($patterns, $replacements, $env); $envs[$key] = preg_replace($patterns, $replacements, $env);