mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-05-02 22:03:09 +02:00
Fallback to common shared secret if none is set for backends.
Only applies to static backend configuration.
This commit is contained in:
parent
0591be1bad
commit
042a78f99d
|
@ -617,3 +617,54 @@ func TestBackendConfiguration_Etcd(t *testing.T) {
|
|||
t.Errorf("Should have removed host information for %s", "domain1.invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func TestBackendCommonSecret(t *testing.T) {
|
||||
u1, err := url.Parse("http://domain1.invalid")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
u2, err := url.Parse("http://domain2.invalid")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
original_config := goconf.NewConfigFile()
|
||||
original_config.AddOption("backend", "backends", "backend1, backend2")
|
||||
original_config.AddOption("backend", "secret", string(testBackendSecret))
|
||||
original_config.AddOption("backend1", "url", u1.String())
|
||||
original_config.AddOption("backend2", "url", u2.String())
|
||||
original_config.AddOption("backend2", "secret", string(testBackendSecret)+"-backend2")
|
||||
cfg, err := NewBackendConfiguration(original_config, nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if b1 := cfg.GetBackend(u1); b1 == nil {
|
||||
t.Error("didn't get backend")
|
||||
} else if !bytes.Equal(b1.Secret(), testBackendSecret) {
|
||||
t.Errorf("expected secret %s, got %s", string(testBackendSecret), string(b1.Secret()))
|
||||
}
|
||||
if b2 := cfg.GetBackend(u2); b2 == nil {
|
||||
t.Error("didn't get backend")
|
||||
} else if !bytes.Equal(b2.Secret(), []byte(string(testBackendSecret)+"-backend2")) {
|
||||
t.Errorf("expected secret %s, got %s", string(testBackendSecret)+"-backend2", string(b2.Secret()))
|
||||
}
|
||||
|
||||
updated_config := goconf.NewConfigFile()
|
||||
updated_config.AddOption("backend", "backends", "backend1, backend2")
|
||||
updated_config.AddOption("backend", "secret", string(testBackendSecret))
|
||||
updated_config.AddOption("backend1", "url", u1.String())
|
||||
updated_config.AddOption("backend1", "secret", string(testBackendSecret)+"-backend1")
|
||||
updated_config.AddOption("backend2", "url", u2.String())
|
||||
cfg.Reload(updated_config)
|
||||
|
||||
if b1 := cfg.GetBackend(u1); b1 == nil {
|
||||
t.Error("didn't get backend")
|
||||
} else if !bytes.Equal(b1.Secret(), []byte(string(testBackendSecret)+"-backend1")) {
|
||||
t.Errorf("expected secret %s, got %s", string(testBackendSecret)+"-backend1", string(b1.Secret()))
|
||||
}
|
||||
if b2 := cfg.GetBackend(u2); b2 == nil {
|
||||
t.Error("didn't get backend")
|
||||
} else if !bytes.Equal(b2.Secret(), testBackendSecret) {
|
||||
t.Errorf("expected secret %s, got %s", string(testBackendSecret), string(b2.Secret()))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@ func NewBackendStorageStatic(config *goconf.ConfigFile) (BackendStorage, error)
|
|||
}
|
||||
numBackends++
|
||||
} else if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
||||
for host, configuredBackends := range getConfiguredHosts(backendIds, config) {
|
||||
for host, configuredBackends := range getConfiguredHosts(backendIds, config, commonSecret) {
|
||||
backends[host] = append(backends[host], configuredBackends...)
|
||||
for _, be := range configuredBackends {
|
||||
log.Printf("Backend %s added for %s", be.id, be.url)
|
||||
|
@ -196,7 +196,7 @@ func getConfiguredBackendIDs(backendIds string) (ids []string) {
|
|||
return ids
|
||||
}
|
||||
|
||||
func getConfiguredHosts(backendIds string, config *goconf.ConfigFile) (hosts map[string][]*Backend) {
|
||||
func getConfiguredHosts(backendIds string, config *goconf.ConfigFile, commonSecret string) (hosts map[string][]*Backend) {
|
||||
hosts = make(map[string][]*Backend)
|
||||
for _, id := range getConfiguredBackendIDs(backendIds) {
|
||||
u, _ := config.GetString(id, "url")
|
||||
|
@ -220,6 +220,10 @@ func getConfiguredHosts(backendIds string, config *goconf.ConfigFile) (hosts map
|
|||
}
|
||||
|
||||
secret, _ := config.GetString(id, "secret")
|
||||
if secret == "" && commonSecret != "" {
|
||||
log.Printf("Backend %s has no own shared secret set, using common shared secret", id)
|
||||
secret = commonSecret
|
||||
}
|
||||
if u == "" || secret == "" {
|
||||
log.Printf("Backend %s is missing or incomplete, skipping", id)
|
||||
continue
|
||||
|
@ -269,8 +273,10 @@ func (s *backendStorageStatic) Reload(config *goconf.ConfigFile) {
|
|||
return
|
||||
}
|
||||
|
||||
commonSecret, _ := config.GetString("backend", "secret")
|
||||
|
||||
if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
||||
configuredHosts := getConfiguredHosts(backendIds, config)
|
||||
configuredHosts := getConfiguredHosts(backendIds, config, commonSecret)
|
||||
|
||||
// remove backends that are no longer configured
|
||||
for hostname := range s.backends {
|
||||
|
|
|
@ -86,9 +86,10 @@ internalsecret = the-shared-secret-for-internal-clients
|
|||
# only be used while running the benchmark client against the server.
|
||||
allowall = false
|
||||
|
||||
# Common shared secret for requests from and to the backend servers if
|
||||
# "allowall" is enabled. This must be the same value as configured in the
|
||||
# Nextcloud admin ui.
|
||||
# Common shared secret for requests from and to the backend servers. Used if
|
||||
# "allowall" is enabled or as fallback for individual backends that don't have
|
||||
# their own secret set.
|
||||
# This must be the same value as configured in the Nextcloud admin ui.
|
||||
#secret = the-shared-secret-for-allowall
|
||||
|
||||
# Timeout in seconds for requests to the backend.
|
||||
|
@ -109,8 +110,9 @@ connectionsperhost = 8
|
|||
# URL of the Nextcloud instance
|
||||
#url = https://cloud.domain.invalid
|
||||
|
||||
# Shared secret for requests from and to the backend servers. This must be the
|
||||
# same value as configured in the Nextcloud admin ui.
|
||||
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||
# the common shared secret from above.
|
||||
# This must be the same value as configured in the Nextcloud admin ui.
|
||||
#secret = the-shared-secret
|
||||
|
||||
# Limit the number of sessions that are allowed to connect to this backend.
|
||||
|
@ -129,8 +131,9 @@ connectionsperhost = 8
|
|||
# URL of the Nextcloud instance
|
||||
#url = https://cloud.otherdomain.invalid
|
||||
|
||||
# Shared secret for requests from and to the backend servers. This must be the
|
||||
# same value as configured in the Nextcloud admin ui.
|
||||
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||
# the common shared secret from above.
|
||||
# This must be the same value as configured in the Nextcloud admin ui.
|
||||
#secret = the-shared-secret
|
||||
|
||||
[nats]
|
||||
|
|
Loading…
Reference in a new issue