Add read JWT_PRIVATE_KEY (#690)

* Add read JWT_PRIVATE_KEY

* Go add read JWT_PRIVATE_KEY

* Add seahub_settings.py

---------

Co-authored-by: 杨赫然 <[email protected]>

ci/run.py

@@ -62,6 +62,8 @@ def _env_add(*a, **kw):
     _env_add('PKG_CONFIG_PATH', ccnet_dir)
     _env_add('LD_LIBRARY_PATH', join(PREFIX, 'lib'))
 
+    _env_add('JWT_PRIVATE_KEY', '@%ukmcl$k=9u-grs4azdljk(sn0kd!=mzc17xd7x8#!u$1x@kl')
+
     # Prepend the seafile-server/python to PYTHONPATH so we don't need to "make
     # install" each time after editing python files.
     _env_add('PYTHONPATH', join(SeafileServer().projectdir, 'python'))

common/seaf-utils.c

@@ -386,46 +386,34 @@ load_ccnet_database_config (SeafileSession *session)
 
 #ifdef FULL_FEATURE
 
-void
-load_seahub_private_key (SeafileSession *session, const char *conf_dir)
+int
+load_seahub_config (SeafileSession *session, const char *conf_dir)
 {
     char *conf_path = g_build_filename(conf_dir, "seahub_settings.py", NULL);
     char *data = NULL;
-    GRegex *secret_key_regex = NULL;
     GRegex *site_root_regex = NULL;
     GError *error = NULL;
+    int ret = 0;
 
     FILE *file = fopen(conf_path, "r");
     if (!file) {
+        ret = -1;
         seaf_warning ("Failed to open seahub_settings.py: %s\n", strerror(errno));
         goto out;
     }
 
-    secret_key_regex = g_regex_new ("SECRET_KEY\\s*=\\s*'(.+)'", 0, 0, &error);
-    if (error) {
-        g_clear_error (&error);
-        seaf_warning ("Failed to create secret key regex: %s\n", error->message);
-        goto out;
-    }
-
     site_root_regex = g_regex_new ("SITE_ROOT\\s*=\\s*'(.+)'", 0, 0, &error);
     if (error) {
         g_clear_error (&error);
+        ret = -1;
         seaf_warning ("Failed to create site root regex: %s\n", error->message);
         goto out;
     }
 
     char line[256];
     char *site_root = NULL;
     while (fgets(line, sizeof(line), file)) {
-        GMatchInfo *match_info = NULL;
-        if (g_regex_match (secret_key_regex, line, 0, &match_info)) {
-            char *sk = g_match_info_fetch (match_info, 1);
-            session->seahub_pk = sk;
-        }
-        g_match_info_free (match_info);
-        match_info = NULL;
-
+        GMatchInfo *match_info;
         if (g_regex_match (site_root_regex, line, 0, &match_info)) {
             site_root = g_match_info_fetch (match_info, 1);
         }
@@ -445,12 +433,12 @@ load_seahub_private_key (SeafileSession *session, const char *conf_dir)
     g_free (site_root);
 
 out:
-    if (secret_key_regex)
-        g_regex_unref (secret_key_regex);
     if (site_root_regex)
         g_regex_unref (site_root_regex);
     g_free (conf_path);
     g_free (data);
+
+    return ret;
 }
 
 char *

common/seaf-utils.h

@@ -17,8 +17,8 @@ int
 load_ccnet_database_config (struct _SeafileSession *session);
 
 #ifdef FULL_FEATURE
-void
-load_seahub_private_key (SeafileSession *session, const char *conf_dir);
+int
+load_seahub_config (SeafileSession *session, const char *conf_dir);
 #endif
 
 char *

fileserver/fileserver.go

@@ -266,51 +266,42 @@ func loadSeafileDB() {
 	dbType = dbEngine
 }
 
-func loadSeahubPK() {
+func loadSeahubConfig() error {
+	seahubPK = os.Getenv("JWT_PRIVATE_KEY")
+	if seahubPK == "" {
+		return fmt.Errorf("failed to read JWT_PRIVATE_KEY")
+	}
 	confPath := filepath.Join(centralDir, "seahub_settings.py")
 
 	file, err := os.Open(confPath)
 	if err != nil {
-		log.Warnf("Failed to open seahub_settings.py: %v", err)
-		return
+		return fmt.Errorf("Failed to open seahub_settings.py: %v", err)
 	}
 	defer file.Close()
 
 	scanner := bufio.NewScanner(file)
 
-	pkExp := "SECRET_KEY\\s*=\\s*'([^']*)'"
-	pkRe, err := regexp.Compile(pkExp)
-	if err != nil {
-		log.Warnf("Failed to compile regex: %v", err)
-		return
-	}
 	siteRootExpr := "SITE_ROOT\\s*=\\s*'([^']*)'"
 	siteRootRe, err := regexp.Compile(siteRootExpr)
 	if err != nil {
-		log.Warnf("Failed to compile regex: %v", err)
-		return
+		return fmt.Errorf("Failed to compile regex: %v", err)
 	}
 
 	siteRoot := ""
 	for scanner.Scan() {
 		line := scanner.Text()
-		matches := pkRe.FindStringSubmatch(line)
-		if matches != nil {
-			seahubPK = matches[1]
-		}
-		matches = siteRootRe.FindStringSubmatch(line)
+		matches := siteRootRe.FindStringSubmatch(line)
 		if matches != nil {
 			siteRoot = matches[1]
 		}
 	}
 	if siteRoot != "" {
 		seahubURL = fmt.Sprintf("http://127.0.0.1:8000%sapi/v2.1/internal", siteRoot)
 	} else {
-		seahubURL = ("http://127.0.0.1:8000/api/v2.1/internal")
-	}
-	if seahubPK == "" {
-		log.Warnf("No seahub private key is configured")
+		seahubURL = "http://127.0.0.1:8000/api/v2.1/internal"
 	}
+
+	return nil
 }
 
 func writePidFile(pid_file_path string) error {
@@ -411,7 +402,9 @@ func main() {
 		fp.Close()
 	}
 
-	loadSeahubPK()
+	if err := loadSeahubConfig(); err != nil {
+		log.Fatalf("Failed to read seahub config: %v", err)
+	}
 
 	repomgr.Init(seafileDB)
 

server/seaf-server.c

@@ -1195,7 +1195,7 @@ test_seafile_config(const char *central_config_dir, const char *config_dir, cons
 
     event_init ();
 
-    seaf = seafile_session_new (central_config_dir, seafile_dir, config_dir);
+    seaf = seafile_session_new (central_config_dir, seafile_dir, config_dir, NULL);
     if (!seaf) {
         fprintf (stderr, "Error: failed to create ccnet session\n");
         return -1;
@@ -1220,6 +1220,7 @@ main (int argc, char **argv)
     int daemon_mode = 1;
     gboolean test_config = FALSE;
     char *repo_id = NULL;
+    const char *private_key = NULL;
 
 #ifdef WIN32
     argv = get_argv_utf8 (&argc);
@@ -1315,6 +1316,12 @@ main (int argc, char **argv)
         debug_str = g_getenv("SEAFILE_DEBUG");
     seafile_debug_set_flags_string (debug_str);
 
+    private_key = g_getenv("JWT_PRIVATE_KEY");
+    if (!private_key) {
+        seaf_warning ("Failed to read JWT_PRIVATE_KEY.\n");
+        exit (1);
+    }
+
     if (seafile_dir == NULL)
         seafile_dir = g_build_filename (ccnet_dir, "seafile", NULL);
     if (logfile == NULL)
@@ -1337,7 +1344,7 @@ main (int argc, char **argv)
         exit (0);
     }
 
-    seaf = seafile_session_new (central_config_dir, seafile_dir, ccnet_dir);
+    seaf = seafile_session_new (central_config_dir, seafile_dir, ccnet_dir, private_key);
     if (!seaf) {
         seaf_warning ("Failed to create seafile session.\n");
         exit (1);

server/seafile-session.c

@@ -107,7 +107,8 @@ load_fileserver_config (SeafileSession *session)
 SeafileSession *
 seafile_session_new(const char *central_config_dir,
                     const char *seafile_dir,
-                    const char *ccnet_dir)
+                    const char *ccnet_dir,
+                    const char *private_key)
 {
     char *abs_central_config_dir = NULL;
     char *abs_seafile_dir;
@@ -218,7 +219,11 @@ seafile_session_new(const char *central_config_dir,
         goto onerror;
     }
 
-    load_seahub_private_key (session, abs_central_config_dir ? abs_central_config_dir : abs_seafile_dir);
+    session->seahub_pk = g_strdup (private_key);
+    if (load_seahub_config (session, abs_central_config_dir ? abs_central_config_dir : abs_seafile_dir) < 0) {
+        seaf_warning ("Failed to load seahub config.\n");
+        goto onerror;
+    }
 
     session->cfg_mgr = seaf_cfg_manager_new (session);
     if (!session->cfg_mgr)

server/seafile-session.h

@@ -103,7 +103,8 @@ extern SeafileSession *seaf;
 SeafileSession *
 seafile_session_new(const char *central_config_dir, 
                     const char *seafile_dir,
-                    const char *ccnet_dir);
+                    const char *ccnet_dir,
+                    const char *private_key);
 
 SeafileSession *
 seafile_repair_session_new(const char *central_config_dir,

tests/conf/seahub_settings.py

@@ -1,2 +1 @@
-SECRET_KEY='122h5qj(4&n2712ybr$0mn8x!#sz&(w2w*-zrxe&$!yrzbu9'
 SITE_ROOT= '/seahub/'