mirror of https://github.com/haiwen/seafile-server.git synced 2025-09-25 06:25:13 +00:00

Delete seafile_auth_token option (#594)

Co-authored-by: 杨赫然 <heran.yang@seafile.com>
feiniks
2023-02-11 10:54:50 +08:00
committed by GitHub
parent 4a21c835d3
commit 0b5b0bf43c
4 changed files with 76 additions and 19 deletions


@@ -10,7 +10,9 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
"github.com/dgrijalva/jwt-go"
_ "github.com/go-sql-driver/mysql" _ "github.com/go-sql-driver/mysql"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
@@ -21,7 +23,6 @@ import (
var configDir string var configDir string
var logFile, absLogFile string var logFile, absLogFile string
var privateKey string var privateKey string
var notifToken string
var host string var host string
var port uint32 var port uint32
@@ -69,10 +70,6 @@ func loadNotifConfig() {
privateKey = key.String() privateKey = key.String()
} }
if key, err := section.GetKey("seafile_auth_token"); err == nil {
notifToken = key.String()
}
level, err := log.ParseLevel(logLevel) level, err := log.ParseLevel(logLevel)
if err != nil { if err != nil {
log.Info("use the default log level: info") log.Info("use the default log level: info")
@@ -230,7 +227,7 @@ func eventCB(rsp http.ResponseWriter, r *http.Request) *appError {
msg := Message{} msg := Message{}
token := r.Header.Get("Seafile-Repo-Token") token := r.Header.Get("Seafile-Repo-Token")
if token != notifToken { if !checkAuthToken(token) {
return &appError{Error: nil, return &appError{Error: nil,
Message: "Notification token not match", Message: "Notification token not match",
Code: http.StatusBadRequest, Code: http.StatusBadRequest,
@@ -257,6 +254,27 @@ func eventCB(rsp http.ResponseWriter, r *http.Request) *appError {
return nil return nil
} }
func checkAuthToken(tokenString string) bool {
if len(tokenString) == 0 {
return false
}
claims := new(myClaims)
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
return []byte(privateKey), nil
})
if err != nil {
return false
}
if !token.Valid {
return false
}
now := time.Now()
return claims.Exp > now.Unix()
}
func newUpgrader() *websocket.Upgrader { func newUpgrader() *websocket.Upgrader {
upgrader := &websocket.Upgrader{ upgrader := &websocket.Upgrader{
ReadBufferSize: 4096, ReadBufferSize: 4096,
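Review bot: checkAuthToken accepts any token that verifies under privateKey and carries an unexpired exp, so nothing binds the token to the event endpoint. privateKey and myClaims both predate this commit, which suggests the same key already signs other tokens; if so, those would presumably pass here too, and a dedicated audience or purpose claim set by the sender and checked here would separate them. The key callback should pin the algorithm before returning the key, `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, jwt.ErrSignatureInvalid }`. The function should also return false when privateKey is empty, since an HMAC check against an empty key gives no protection and it is not visible here whether loadNotifConfig rejects a missing key. github.com/dgrijalva/jwt-go is archived; github.com/golang-jwt/jwt is the maintained fork.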


@@ -4,6 +4,7 @@
#include <jansson.h> #include <jansson.h>
#include <timer.h> #include <timer.h>
#include <jwt.h>
#include "seafile-session.h" #include "seafile-session.h"
#include "http-tx-mgr.h" #include "http-tx-mgr.h"
@@ -15,10 +16,10 @@
#include "log.h" #include "log.h"
#define NOTIF_TIMEOUT_SEC 1 #define NOTIF_TIMEOUT_SEC 1
#define JWT_TOKEN_EXPIRE_TIME 300 /* 5 minutes */
struct _NotifPriv { struct _NotifPriv {
char *notif_url; char *notif_url;
char *notif_token;
ConnectionPool *connection_pool; ConnectionPool *connection_pool;
}; };
@@ -30,7 +31,7 @@ typedef struct Event {
} Event; } Event;
NotifManager * NotifManager *
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token) seaf_notif_manager_new (struct _SeafileSession *seaf, char *url)
{ {
NotifManager *mgr = g_new0 (NotifManager, 1); NotifManager *mgr = g_new0 (NotifManager, 1);
mgr->seaf = seaf; mgr->seaf = seaf;
@@ -45,12 +46,48 @@ seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token)
} }
priv->notif_url = url; priv->notif_url = url;
priv->notif_token = token;
mgr->priv = priv; mgr->priv = priv;
return mgr; return mgr;
} }
static char *
gen_jwt_token ()
{
char *jwt_token = NULL;
gint64 now = (gint64)time(NULL);
jwt_t *jwt = NULL;
if (!seaf->private_key) {
seaf_warning ("No private key is configured for generating jwt token\n");
return NULL;
}
int ret = jwt_new (&jwt);
if (ret != 0 || jwt == NULL) {
seaf_warning ("Failed to create jwt\n");
goto out;
}
ret = jwt_add_grant_int (jwt, "exp", now + JWT_TOKEN_EXPIRE_TIME);
if (ret != 0) {
seaf_warning ("Failed to expire time to jwt\n");
goto out;
}
ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->private_key, strlen(seaf->private_key));
if (ret != 0) {
seaf_warning ("Failed to set alg\n");
goto out;
}
jwt_token = jwt_encode_str (jwt);
out:
jwt_free (jwt);
return jwt_token;
}
static void* static void*
send_event (void *data) send_event (void *data)
{ {
@@ -59,9 +96,16 @@ send_event (void *data)
Connection *conn = NULL; Connection *conn = NULL;
int rsp_status; int rsp_status;
char *req_url = NULL; char *req_url = NULL;
char *jwt_token = NULL;
jwt_token = gen_jwt_token ();
if (!jwt_token) {
return event;
}
conn = connection_pool_get_connection (priv->connection_pool); conn = connection_pool_get_connection (priv->connection_pool);
if (!conn) { if (!conn) {
g_free (jwt_token);
seaf_warning ("Failed to get connection: out of memory.\n"); seaf_warning ("Failed to get connection: out of memory.\n");
return event; return event;
} }
@@ -70,7 +114,7 @@ send_event (void *data)
int ret; int ret;
ret = http_post (conn, req_url, priv->notif_token, event->msg, strlen (event->msg), ret = http_post (conn, req_url, jwt_token, event->msg, strlen (event->msg),
&rsp_status, NULL, NULL, TRUE, NOTIF_TIMEOUT_SEC); &rsp_status, NULL, NULL, TRUE, NOTIF_TIMEOUT_SEC);
if (ret < 0) { if (ret < 0) {
goto out; goto out;
@@ -82,6 +126,7 @@ send_event (void *data)
} }
out: out:
g_free (jwt_token);
g_free (req_url); g_free (req_url);
connection_pool_return_connection (priv->connection_pool, conn); connection_pool_return_connection (priv->connection_pool, conn);
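Review bot: The string returned by jwt_encode_str is released with g_free in send_event (on the connection-failure path and at the `out:` label), which is only correct while libjwt and GLib share the same allocator; libjwt's own `jwt_free_str (jwt_token);` avoids that dependency, where the linked version provides it. The token carries a single `exp` grant, so the receiver cannot tell it apart from any other token signed with seaf->private_key; an audience or purpose grant added in gen_jwt_token would give the notification server something to check. The warning text `Failed to expire time to jwt` appears to have lost a word (`Failed to add expire time to jwt`). send_event's body continues outside the hunks shown.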


@@ -10,7 +10,7 @@ struct _NotifManager {
typedef struct _NotifManager NotifManager; typedef struct _NotifManager NotifManager;
NotifManager * NotifManager *
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token); seaf_notif_manager_new (struct _SeafileSession *seaf, char *url);
void void
seaf_notif_manager_send_event (NotifManager *mgr, seaf_notif_manager_send_event (NotifManager *mgr,


@@ -47,7 +47,6 @@ seafile_session_new(const char *central_config_dir,
gboolean notif_enabled = FALSE; gboolean notif_enabled = FALSE;
char *notif_server = NULL; char *notif_server = NULL;
int notif_port = 8083; int notif_port = 8083;
char *notif_token = NULL;
char *private_key = NULL; char *private_key = NULL;
abs_ccnet_dir = ccnet_expand_path (ccnet_dir); abs_ccnet_dir = ccnet_expand_path (ccnet_dir);
@@ -139,10 +138,6 @@ seafile_session_new(const char *central_config_dir,
"notification", "port", "notification", "port",
NULL); NULL);
notif_token = g_key_file_get_string (config,
"notification", "seafile_auth_token",
NULL);
private_key = g_key_file_get_string (config, private_key = g_key_file_get_string (config,
"notification", "jwt_private_key", "notification", "jwt_private_key",
NULL); NULL);
@@ -230,10 +225,10 @@ seafile_session_new(const char *central_config_dir,
if (!session->org_mgr) if (!session->org_mgr)
goto onerror; goto onerror;
if (notif_enabled && notif_server != NULL && notif_token != NULL) { if (notif_enabled && notif_server != NULL) {
char notif_url[128]; char notif_url[128];
g_sprintf (notif_url, "%s:%d", notif_server, notif_port); g_sprintf (notif_url, "%s:%d", notif_server, notif_port);
session->notif_mgr = seaf_notif_manager_new (session, g_strdup (notif_url), notif_token); session->notif_mgr = seaf_notif_manager_new (session, g_strdup (notif_url));
if (!session->notif_mgr) { if (!session->notif_mgr) {
g_free (notif_url); g_free (notif_url);
goto onerror; goto onerror;
@@ -244,7 +239,6 @@ seafile_session_new(const char *central_config_dir,
onerror: onerror:
g_free (notif_server); g_free (notif_server);
g_free (notif_token);
g_free (private_key); g_free (private_key);
free (abs_seafile_dir); free (abs_seafile_dir);
free (abs_ccnet_dir); free (abs_ccnet_dir);
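Review bot: With `notif_token != NULL` dropped from the condition, the notification manager is now created even when no jwt_private_key is configured, and each event then fails in gen_jwt_token with a warning (assuming private_key here is what ends up in seaf->private_key). Checking the key at this point, `if (notif_enabled && notif_server != NULL && private_key != NULL) {`, or logging once at startup, would surface the misconfiguration early. In the unchanged lines of the same block, `g_free (notif_url)` is applied to the stack array `char notif_url[128]`, and `g_sprintf` writes the configured host into it without a bound; `g_snprintf (notif_url, sizeof (notif_url), "%s:%d", notif_server, notif_port);` together with dropping that g_free would be safer. seafile_session_new starts and ends outside these hunks.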