

Merge pull request #1596 from nextcloud/enh/noid/pre-generate-secrets
secrets should only get generated if defined in secrets of container.…
szaimen authored Dec 30, 2022
2 parents 209d2e0 + 27bd5ce commit 9c968d3
Showing 3 changed files with 22 additions and 5 deletions.
4 changes: 2 additions & 2 deletions php/public/index.php
Expand Up @@ -77,9 +77,9 @@
return $view->render($response, 'containers.twig', [
'domain' => $configurationManager->GetDomain(),
'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
13 changes: 11 additions & 2 deletions php/src/Data/ConfigurationManager.php
Expand Up @@ -32,7 +32,7 @@ public function SetPassword(string $password) : void {
$this->WriteConfig($config);
}

public function GetSecret(string $secretId) : string {
public function GetAndGenerateSecret(string $secretId) : string {
$config = $this->GetConfig();
if(!isset($config['secrets'][$secretId])) {
$config['secrets'][$secretId] = bin2hex(random_bytes(24));
Expand All @@ -46,6 +46,15 @@ public function GetSecret(string $secretId) : string {
return $config['secrets'][$secretId];
}

public function GetSecret(string $secretId) : string {
$config = $this->GetConfig();
if(!isset($config['secrets'][$secretId])) {
$config['secrets'][$secretId] = "";
}

return $config['secrets'][$secretId];
}

private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
}
Expand Down Expand Up @@ -269,7 +278,7 @@ public function SetDomain(string $domain) : void {
}

// Get Instance ID
$instanceID = $this->GetSecret('INSTANCE_ID');
$instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');

// set protocol
if ($port !== '443') {
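Review bot: The new GetSecret added under the `@@ -46,6 +46,15 @@` hunk header signals a missing secret with an empty string, so any caller that was not switched to GetAndGenerateSecret in this commit now silently receives `''` where the generating variant previously handed back a fresh random value; the only visible guard for that sentinel is the `=== ""` check in DockerActionManager. Making the absence explicit is safer: either return `?string` with `return $config['secrets'][$secretId] ?? null;`, or throw here, so an unconfigured password cannot flow into a container environment or a comparison unnoticed. If the sentinel is kept, the assignment `$config['secrets'][$secretId] = "";` into the local copy is dead (nothing persists it) and the body reduces to `return $config['secrets'][$secretId] ?? '';`. GetAndGenerateSecret's body continues past the first hunk, so whether it persists the generated value is not visible here.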
10 changes: 9 additions & 1 deletion php/src/Docker/DockerActionManager.php
Expand Up @@ -228,6 +228,10 @@ public function CreateContainer(Container $container) : void {
$requestBody['HostConfig']['Binds'] = $volumes;
}

foreach($container->GetSecrets() as $secret) {
$this->configurationManager->GetAndGenerateSecret($secret);
}

$envs = $container->GetEnvironmentVariables()->GetVariables();
foreach($envs as $key => $env) {
$patterns = ['/%(.*)%/'];
Expand Down Expand Up @@ -335,7 +339,11 @@ public function CreateContainer(Container $container) : void {
} elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
$replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
} else {
$replacements[1] = $this->configurationManager->GetSecret($out[1]);
$secret = $this->configurationManager->GetSecret($out[1]);
if ($secret === "") {
throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
}
$replacements[1] = $secret;
}

$envs[$key] = preg_replace($patterns, $replacements, $env);
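Review bot: The exception message in the else branch of the second hunk has a typo, `Pleas check`, and it is raised as a bare `\Exception`, which callers cannot distinguish from any other failure inside CreateContainer; a dedicated type or at least `\RuntimeException` would let the unconfigured-secret case be handled on its own. Suggested line: `throw new \RuntimeException("The secret " . $out[1] . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");`. Since this branch catches every `%NAME%` placeholder that falls through the preceding elseif chain, a mistyped placeholder now fails loudly instead of being filled with a random value, which is worth stating above the else, e.g. `// Any other %NAME% placeholder must be a secret declared in containers.json.`. CreateContainer begins and ends outside both hunks, so the surrounding error handling is not visible here.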

