mirror of https://github.com/haiwen/seafile-server.git synced 2025-09-25 06:25:13 +00:00

Delete seafile_auth_token option (#594)

Co-authored-by: 杨赫然 <heran.yang@seafile.com>
feiniks
2023-02-11 10:54:50 +08:00
committed by GitHub
parent 4a21c835d3
commit 0b5b0bf43c
4 changed files with 76 additions and 19 deletions


@@ -10,7 +10,9 @@ import (
"os"
"path/filepath"
"strings"
"time"
"github.com/dgrijalva/jwt-go"
_ "github.com/go-sql-driver/mysql"
"github.com/gorilla/mux"
"github.com/gorilla/websocket"
@@ -21,7 +23,6 @@ import (
var configDir string
var logFile, absLogFile string
var privateKey string
var notifToken string
var host string
var port uint32
@@ -69,10 +70,6 @@ func loadNotifConfig() {
privateKey = key.String()
}
if key, err := section.GetKey("seafile_auth_token"); err == nil {
notifToken = key.String()
}
level, err := log.ParseLevel(logLevel)
if err != nil {
log.Info("use the default log level: info")
@@ -230,7 +227,7 @@ func eventCB(rsp http.ResponseWriter, r *http.Request) *appError {
msg := Message{}
token := r.Header.Get("Seafile-Repo-Token")
if token != notifToken {
if !checkAuthToken(token) {
return &appError{Error: nil,
Message: "Notification token not match",
Code: http.StatusBadRequest,
@@ -257,6 +254,27 @@ func eventCB(rsp http.ResponseWriter, r *http.Request) *appError {
return nil
}
func checkAuthToken(tokenString string) bool {
if len(tokenString) == 0 {
return false
}
claims := new(myClaims)
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
return []byte(privateKey), nil
})
if err != nil {
return false
}
if !token.Valid {
return false
}
now := time.Now()
return claims.Exp > now.Unix()
}
func newUpgrader() *websocket.Upgrader {
upgrader := &websocket.Upgrader{
ReadBufferSize: 4096,
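Review bot: `checkAuthToken` never checks that `privateKey` is non-empty, and its key callback returns the key for whatever algorithm the token header names. `loadNotifConfig` appears to assign `privateKey` only inside a conditional (its opening line and any later validation are outside the visible hunks), so with `jwt_private_key` unset the HMAC key would be the empty string and a valid signature would no longer prove knowledge of a secret. Reject early with `if privateKey == "" { return false }`, and pin the method in the callback to what the C sender uses: `if token.Method != jwt.SigningMethodHS256 { return nil, jwt.ErrSignatureInvalid }`. A doc comment on `checkAuthToken` should state that it authenticates seafile-server by an HS256 token and that `exp` is the only claim it checks. Separately, `github.com/dgrijalva/jwt-go` is archived upstream; the maintained fork is `github.com/golang-jwt/jwt`.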


@@ -4,6 +4,7 @@
#include <jansson.h>
#include <timer.h>
#include <jwt.h>
#include "seafile-session.h"
#include "http-tx-mgr.h"
@@ -15,10 +16,10 @@
#include "log.h"
#define NOTIF_TIMEOUT_SEC 1
#define JWT_TOKEN_EXPIRE_TIME 300 /* 5 minutes */
struct _NotifPriv {
char *notif_url;
char *notif_token;
ConnectionPool *connection_pool;
};
@@ -30,7 +31,7 @@ typedef struct Event {
} Event;
NotifManager *
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token)
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url)
{
NotifManager *mgr = g_new0 (NotifManager, 1);
mgr->seaf = seaf;
@@ -45,12 +46,48 @@ seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token)
}
priv->notif_url = url;
priv->notif_token = token;
mgr->priv = priv;
return mgr;
}
static char *
gen_jwt_token ()
{
char *jwt_token = NULL;
gint64 now = (gint64)time(NULL);
jwt_t *jwt = NULL;
if (!seaf->private_key) {
seaf_warning ("No private key is configured for generating jwt token\n");
return NULL;
}
int ret = jwt_new (&jwt);
if (ret != 0 || jwt == NULL) {
seaf_warning ("Failed to create jwt\n");
goto out;
}
ret = jwt_add_grant_int (jwt, "exp", now + JWT_TOKEN_EXPIRE_TIME);
if (ret != 0) {
seaf_warning ("Failed to expire time to jwt\n");
goto out;
}
ret = jwt_set_alg (jwt, JWT_ALG_HS256, (unsigned char *)seaf->private_key, strlen(seaf->private_key));
if (ret != 0) {
seaf_warning ("Failed to set alg\n");
goto out;
}
jwt_token = jwt_encode_str (jwt);
out:
jwt_free (jwt);
return jwt_token;
}
static void*
send_event (void *data)
{
@@ -59,9 +96,16 @@ send_event (void *data)
Connection *conn = NULL;
int rsp_status;
char *req_url = NULL;
char *jwt_token = NULL;
jwt_token = gen_jwt_token ();
if (!jwt_token) {
return event;
}
conn = connection_pool_get_connection (priv->connection_pool);
if (!conn) {
g_free (jwt_token);
seaf_warning ("Failed to get connection: out of memory.\n");
return event;
}
@@ -70,7 +114,7 @@ send_event (void *data)
int ret;
ret = http_post (conn, req_url, priv->notif_token, event->msg, strlen (event->msg),
ret = http_post (conn, req_url, jwt_token, event->msg, strlen (event->msg),
&rsp_status, NULL, NULL, TRUE, NOTIF_TIMEOUT_SEC);
if (ret < 0) {
goto out;
@@ -82,6 +126,7 @@ send_event (void *data)
}
out:
g_free (jwt_token);
g_free (req_url);
connection_pool_return_connection (priv->connection_pool, conn);
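Review bot: `gen_jwt_token` adds only an `exp` grant, so the token says nothing about who issued it or what it is for, and the receiving `checkAuthToken` checks nothing beyond signature and expiry. `private_key` was already read from the config before this change, so it presumably signs other tokens as well; if so, any unexpired token signed with that key would be accepted as the server's event credential. Add an issuer or purpose grant here, for example `jwt_add_grant (jwt, "iss", "seafile-server")` (the value is illustrative), and have the notification server require it. The token is a bearer credential that stays valid for `JWT_TOKEN_EXPIRE_TIME` regardless of the message it accompanies, so the link to the notification server should be TLS or loopback only. Smaller points: a NULL from `jwt_encode_str` is returned without a warning, and the string libjwt allocates is released with `g_free` rather than libjwt's own free routine.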


@@ -10,7 +10,7 @@ struct _NotifManager {
typedef struct _NotifManager NotifManager;
NotifManager *
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url, char *token);
seaf_notif_manager_new (struct _SeafileSession *seaf, char *url);
void
seaf_notif_manager_send_event (NotifManager *mgr,


@@ -47,7 +47,6 @@ seafile_session_new(const char *central_config_dir,
gboolean notif_enabled = FALSE;
char *notif_server = NULL;
int notif_port = 8083;
char *notif_token = NULL;
char *private_key = NULL;
abs_ccnet_dir = ccnet_expand_path (ccnet_dir);
@@ -139,10 +138,6 @@ seafile_session_new(const char *central_config_dir,
"notification", "port",
NULL);
notif_token = g_key_file_get_string (config,
"notification", "seafile_auth_token",
NULL);
private_key = g_key_file_get_string (config,
"notification", "jwt_private_key",
NULL);
@@ -230,10 +225,10 @@ seafile_session_new(const char *central_config_dir,
if (!session->org_mgr)
goto onerror;
if (notif_enabled && notif_server != NULL && notif_token != NULL) {
if (notif_enabled && notif_server != NULL) {
char notif_url[128];
g_sprintf (notif_url, "%s:%d", notif_server, notif_port);
session->notif_mgr = seaf_notif_manager_new (session, g_strdup (notif_url), notif_token);
session->notif_mgr = seaf_notif_manager_new (session, g_strdup (notif_url));
if (!session->notif_mgr) {
g_free (notif_url);
goto onerror;
@@ -244,7 +239,6 @@ seafile_session_new(const char *central_config_dir,
onerror:
g_free (notif_server);
g_free (notif_token);
g_free (private_key);
free (abs_seafile_dir);
free (abs_ccnet_dir);
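Review bot: The new condition `if (notif_enabled && notif_server != NULL)` drops the check that a credential is configured without replacing it, so with `jwt_private_key` unset the manager is still created and every event then fails in `gen_jwt_token` with a per-event warning. Require the key up front with `if (notif_enabled && notif_server != NULL && private_key != NULL)`, or warn once at startup; this assumes `private_key` still holds the configured value at this point, since the lines in between are outside the hunk. In the same block, `g_sprintf` writes the config-supplied host into `char notif_url[128]` with no bound; `g_snprintf (notif_url, sizeof(notif_url), "%s:%d", notif_server, notif_port)` avoids the overflow. The error branch's `g_free (notif_url)` frees that stack array, which is undefined behaviour, and should be removed.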