diff --git a/ci/run.py b/ci/run.py index 0795c98..89e32d2 100755 --- a/ci/run.py +++ b/ci/run.py @@ -62,6 +62,8 @@ def make_build_env(): _env_add('PKG_CONFIG_PATH', ccnet_dir) _env_add('LD_LIBRARY_PATH', join(PREFIX, 'lib')) + _env_add('JWT_PRIVATE_KEY', '@%ukmcl$k=9u-grs4azdljk(sn0kd!=mzc17xd7x8#!u$1x@kl') + # Prepend the seafile-server/python to PYTHONPATH so we don't need to "make # install" each time after editing python files. _env_add('PYTHONPATH', join(SeafileServer().projectdir, 'python')) diff --git a/common/seaf-utils.c b/common/seaf-utils.c index 6d6e79b..3318434 100644 --- a/common/seaf-utils.c +++ b/common/seaf-utils.c @@ -386,31 +386,26 @@ load_ccnet_database_config (SeafileSession *session) #ifdef FULL_FEATURE -void -load_seahub_private_key (SeafileSession *session, const char *conf_dir) +int +load_seahub_config (SeafileSession *session, const char *conf_dir) { char *conf_path = g_build_filename(conf_dir, "seahub_settings.py", NULL); char *data = NULL; - GRegex *secret_key_regex = NULL; GRegex *site_root_regex = NULL; GError *error = NULL; + int ret = 0; FILE *file = fopen(conf_path, "r"); if (!file) { + ret = -1; seaf_warning ("Failed to open seahub_settings.py: %s\n", strerror(errno)); goto out; } - secret_key_regex = g_regex_new ("SECRET_KEY\\s*=\\s*'(.+)'", 0, 0, &error); - if (error) { - g_clear_error (&error); - seaf_warning ("Failed to create secret key regex: %s\n", error->message); - goto out; - } - site_root_regex = g_regex_new ("SITE_ROOT\\s*=\\s*'(.+)'", 0, 0, &error); if (error) { g_clear_error (&error); + ret = -1; seaf_warning ("Failed to create site root regex: %s\n", error->message); goto out; } @@ -418,14 +413,7 @@ load_seahub_private_key (SeafileSession *session, const char *conf_dir) char line[256]; char *site_root = NULL; while (fgets(line, sizeof(line), file)) { - GMatchInfo *match_info = NULL; - if (g_regex_match (secret_key_regex, line, 0, &match_info)) { - char *sk = g_match_info_fetch (match_info, 1); - session->seahub_pk = sk; - } - g_match_info_free (match_info); - match_info = NULL; - + GMatchInfo *match_info; if (g_regex_match (site_root_regex, line, 0, &match_info)) { site_root = g_match_info_fetch (match_info, 1); } @@ -445,12 +433,12 @@ load_seahub_private_key (SeafileSession *session, const char *conf_dir) g_free (site_root); out: - if (secret_key_regex) - g_regex_unref (secret_key_regex); if (site_root_regex) g_regex_unref (site_root_regex); g_free (conf_path); g_free (data); + + return ret; } char * diff --git a/common/seaf-utils.h b/common/seaf-utils.h index 7c9349d..e3683b3 100644 --- a/common/seaf-utils.h +++ b/common/seaf-utils.h @@ -17,8 +17,8 @@ int load_ccnet_database_config (struct _SeafileSession *session); #ifdef FULL_FEATURE -void -load_seahub_private_key (SeafileSession *session, const char *conf_dir); +int +load_seahub_config (SeafileSession *session, const char *conf_dir); #endif char * diff --git a/fileserver/fileserver.go b/fileserver/fileserver.go index 409b0fc..7770d10 100644 --- a/fileserver/fileserver.go +++ b/fileserver/fileserver.go @@ -266,39 +266,31 @@ func loadSeafileDB() { dbType = dbEngine } -func loadSeahubPK() { +func loadSeahubConfig() error { + seahubPK = os.Getenv("JWT_PRIVATE_KEY") + if seahubPK == "" { + return fmt.Errorf("failed to read JWT_PRIVATE_KEY") + } confPath := filepath.Join(centralDir, "seahub_settings.py") file, err := os.Open(confPath) if err != nil { - log.Warnf("Failed to open seahub_settings.py: %v", err) - return + return fmt.Errorf("Failed to open seahub_settings.py: %v", err) } defer file.Close() scanner := bufio.NewScanner(file) - pkExp := "SECRET_KEY\\s*=\\s*'([^']*)'" - pkRe, err := regexp.Compile(pkExp) - if err != nil { - log.Warnf("Failed to compile regex: %v", err) - return - } siteRootExpr := "SITE_ROOT\\s*=\\s*'([^']*)'" siteRootRe, err := regexp.Compile(siteRootExpr) if err != nil { - log.Warnf("Failed to compile regex: %v", err) - return + return fmt.Errorf("Failed to compile regex: %v", err) } siteRoot := "" for scanner.Scan() { line := scanner.Text() - matches := pkRe.FindStringSubmatch(line) - if matches != nil { - seahubPK = matches[1] - } - matches = siteRootRe.FindStringSubmatch(line) + matches := siteRootRe.FindStringSubmatch(line) if matches != nil { siteRoot = matches[1] } @@ -306,11 +298,10 @@ func loadSeahubPK() { if siteRoot != "" { seahubURL = fmt.Sprintf("http://127.0.0.1:8000%sapi/v2.1/internal", siteRoot) } else { - seahubURL = ("http://127.0.0.1:8000/api/v2.1/internal") - } - if seahubPK == "" { - log.Warnf("No seahub private key is configured") + seahubURL = "http://127.0.0.1:8000/api/v2.1/internal" } + + return nil } func writePidFile(pid_file_path string) error { @@ -411,7 +402,9 @@ func main() { fp.Close() } - loadSeahubPK() + if err := loadSeahubConfig(); err != nil { + log.Fatalf("Failed to read seahub config: %v", err) + } repomgr.Init(seafileDB) diff --git a/server/seaf-server.c b/server/seaf-server.c index 3d01a48..f04cc4d 100644 --- a/server/seaf-server.c +++ b/server/seaf-server.c @@ -1195,7 +1195,7 @@ test_seafile_config(const char *central_config_dir, const char *config_dir, cons event_init (); - seaf = seafile_session_new (central_config_dir, seafile_dir, config_dir); + seaf = seafile_session_new (central_config_dir, seafile_dir, config_dir, NULL); if (!seaf) { fprintf (stderr, "Error: failed to create ccnet session\n"); return -1; @@ -1220,6 +1220,7 @@ main (int argc, char **argv) int daemon_mode = 1; gboolean test_config = FALSE; char *repo_id = NULL; + const char *private_key = NULL; #ifdef WIN32 argv = get_argv_utf8 (&argc); @@ -1315,6 +1316,12 @@ main (int argc, char **argv) debug_str = g_getenv("SEAFILE_DEBUG"); seafile_debug_set_flags_string (debug_str); + private_key = g_getenv("JWT_PRIVATE_KEY"); + if (!private_key) { + seaf_warning ("Failed to read JWT_PRIVATE_KEY.\n"); + exit (1); + } + if (seafile_dir == NULL) seafile_dir = g_build_filename (ccnet_dir, "seafile", NULL); if (logfile == NULL) @@ -1337,7 +1344,7 @@ main (int argc, char **argv) exit (0); } - seaf = seafile_session_new (central_config_dir, seafile_dir, ccnet_dir); + seaf = seafile_session_new (central_config_dir, seafile_dir, ccnet_dir, private_key); if (!seaf) { seaf_warning ("Failed to create seafile session.\n"); exit (1); diff --git a/server/seafile-session.c b/server/seafile-session.c index 4db9a57..e6c609d 100644 --- a/server/seafile-session.c +++ b/server/seafile-session.c @@ -107,7 +107,8 @@ load_fileserver_config (SeafileSession *session) SeafileSession * seafile_session_new(const char *central_config_dir, const char *seafile_dir, - const char *ccnet_dir) + const char *ccnet_dir, + const char *private_key) { char *abs_central_config_dir = NULL; char *abs_seafile_dir; @@ -218,7 +219,11 @@ seafile_session_new(const char *central_config_dir, goto onerror; } - load_seahub_private_key (session, abs_central_config_dir ? abs_central_config_dir : abs_seafile_dir); + session->seahub_pk = g_strdup (private_key); + if (load_seahub_config (session, abs_central_config_dir ? abs_central_config_dir : abs_seafile_dir) < 0) { + seaf_warning ("Failed to load seahub config.\n"); + goto onerror; + } session->cfg_mgr = seaf_cfg_manager_new (session); if (!session->cfg_mgr) diff --git a/server/seafile-session.h b/server/seafile-session.h index 66c3818..39672c0 100644 --- a/server/seafile-session.h +++ b/server/seafile-session.h @@ -103,7 +103,8 @@ extern SeafileSession *seaf; SeafileSession * seafile_session_new(const char *central_config_dir, const char *seafile_dir, - const char *ccnet_dir); + const char *ccnet_dir, + const char *private_key); SeafileSession * seafile_repair_session_new(const char *central_config_dir, diff --git a/tests/conf/seahub_settings.py b/tests/conf/seahub_settings.py index b7eab82..9ee6979 100644 --- a/tests/conf/seahub_settings.py +++ b/tests/conf/seahub_settings.py @@ -1,2 +1 @@ -SECRET_KEY='122h5qj(4&n2712ybr$0mn8x!#sz&(w2w*-zrxe&$!yrzbu9' SITE_ROOT= '/seahub/'