Allow overriding the secret-key on setup module.

Useful when using a pre-shared secret key.
This commit is contained in:
Andrey Antukh 2021-05-04 15:12:42 +02:00 committed by Andrés Moya
parent af23d62568
commit 8ad8196d70
4 changed files with 29 additions and 16 deletions


@ -87,6 +87,7 @@
:initial-project-skey "initial-project" :initial-project-skey "initial-project"
}) })
(s/def ::secret-key ::us/string)
(s/def ::allow-demo-users ::us/boolean) (s/def ::allow-demo-users ::us/boolean)
(s/def ::asserts-enabled ::us/boolean) (s/def ::asserts-enabled ::us/boolean)
(s/def ::assets-path ::us/string) (s/def ::assets-path ::us/string)
@ -169,7 +170,8 @@
(s/def ::tenant ::us/string) (s/def ::tenant ::us/string)
(s/def ::config (s/def ::config
(s/keys :opt-un [::allow-demo-users (s/keys :opt-un [::secret-key
::allow-demo-users
::asserts-enabled ::asserts-enabled
::database-password ::database-password
::database-uri ::database-uri
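Review bot: The new `::secret-key` spec admits any string, including the empty string, and the setup hunk in this commit stores whatever is configured verbatim (`db/tjson key`) in place of the 64 random bytes the generator otherwise produces, so a weak or empty pre-shared key is accepted silently. Tightening the spec here is the cheapest place to reject it, e.g. `(s/def ::secret-key (s/and ::us/string #(>= (count %) 32)))` with the threshold chosen to match the strength of the generated key; without such a check, `(if key` in `initialize-secret-key!` also treats `""` as a configured key, since only nil and false are falsy. The `::config` s/keys form continues past the end of the hunk.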


@ -45,7 +45,7 @@
:redis-uri (cf/get :redis-uri)} :redis-uri (cf/get :redis-uri)}
:app.tokens/tokens :app.tokens/tokens
{:sprops (ig/ref :app.setup/props)} {:props (ig/ref :app.setup/props)}
:app.storage/gc-deleted-task :app.storage/gc-deleted-task
{:pool (ig/ref :app.db/pool) {:pool (ig/ref :app.db/pool)
@ -257,7 +257,8 @@
:host (cf/get :srepl-host)} :host (cf/get :srepl-host)}
:app.setup/props :app.setup/props
{:pool (ig/ref :app.db/pool)} {:pool (ig/ref :app.db/pool)
:key (cf/get :secret-key)}
:app.loggers.zmq/receiver :app.loggers.zmq/receiver
{:endpoint (cf/get :loggers-zmq-uri)} {:endpoint (cf/get :loggers-zmq-uri)}


@ -29,16 +29,26 @@
(initialize-instance-id! cfg) (initialize-instance-id! cfg)
(retrieve-all cfg)))) (retrieve-all cfg))))
(def sql:upsert-secret-key
"insert into server_prop (id, preload, content)
values ('secret-key', true, ?::jsonb)
on conflict (id) do update set content = ?::jsonb")
(def sql:insert-secret-key
"insert into server_prop (id, preload, content)
values ('secret-key', true, ?::jsonb)
on conflict (id) do nothing")
(defn- initialize-secret-key! (defn- initialize-secret-key!
[{:keys [conn] :as cfg}] [{:keys [conn key] :as cfg}]
(let [key (-> (bn/random-bytes 64) (if key
(bc/bytes->b64u) (let [key (db/tjson key)]
(bc/bytes->str))] (db/exec-one! conn [sql:upsert-secret-key key key]))
(db/insert! conn :server-prop (let [key (-> (bn/random-bytes 64)
{:id "secret-key" (bc/bytes->b64u)
:preload true (bc/bytes->str))
:content (db/tjson key)} key (db/tjson key)]
{:on-conflict-do-nothing true}))) (db/exec-one! conn [sql:insert-secret-key key]))))
(defn- initialize-instance-id! (defn- initialize-instance-id!
[{:keys [conn] :as cfg}] [{:keys [conn] :as cfg}]
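Review bot: `initialize-secret-key!` now overwrites the stored key on every start whenever `:key` is set (`on conflict (id) do update`), while the unset path keeps whatever row already exists (`on conflict (id) do nothing`); removing a pre-shared key from the configuration therefore does not rotate back to a generated one, and nothing logs which path ran. This asymmetry looks intentional but deserves a docstring on the function, e.g. `"Stores the configured :key as the server secret, replacing any existing one; otherwise generates a random key only if none is stored yet."`. The inner `(let [key (db/tjson key)]` rebinds the destructured `key` to its JSON form, so the `[sql:upsert-secret-key key key]` vector reads as passing the raw value twice; a distinct name such as `content` would make the two parameters clearer.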


@ -51,11 +51,11 @@
claims)) claims))
(s/def ::secret-key ::us/string) (s/def ::secret-key ::us/string)
(s/def ::sprops (s/def ::props
(s/keys :req-un [::secret-key])) (s/keys :req-un [::secret-key]))
(defmethod ig/pre-init-spec ::tokens [_] (defmethod ig/pre-init-spec ::tokens [_]
(s/keys :req-un [::sprops])) (s/keys :req-un [::props]))
(defn- generate-predefined (defn- generate-predefined
[cfg {:keys [iss profile-id] :as params}] [cfg {:keys [iss profile-id] :as params}]
@ -71,8 +71,8 @@
:hint "no predefined token"))) :hint "no predefined token")))
(defmethod ig/init-key ::tokens (defmethod ig/init-key ::tokens
[_ {:keys [sprops] :as cfg}] [_ {:keys [props] :as cfg}]
(let [secret (derive-tokens-secret (:secret-key sprops)) (let [secret (derive-tokens-secret (:secret-key props))
cfg (assoc cfg ::secret secret)] cfg (assoc cfg ::secret secret)]
(fn [action params] (fn [action params]
(case action (case action