mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-05-10 17:46:33 +02:00
Fallback to common shared secret if none is set for backends.
Only applies to static backend configuration.
parent
0591be1bad
commit
042a78f99d
|
@ -617,3 +617,54 @@ func TestBackendConfiguration_Etcd(t *testing.T) {
|
||||||
t.Errorf("Should have removed host information for %s", "domain1.invalid")
|
t.Errorf("Should have removed host information for %s", "domain1.invalid")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBackendCommonSecret(t *testing.T) {
|
||||||
|
u1, err := url.Parse("http://domain1.invalid")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
u2, err := url.Parse("http://domain2.invalid")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
original_config := goconf.NewConfigFile()
|
||||||
|
original_config.AddOption("backend", "backends", "backend1, backend2")
|
||||||
|
original_config.AddOption("backend", "secret", string(testBackendSecret))
|
||||||
|
original_config.AddOption("backend1", "url", u1.String())
|
||||||
|
original_config.AddOption("backend2", "url", u2.String())
|
||||||
|
original_config.AddOption("backend2", "secret", string(testBackendSecret)+"-backend2")
|
||||||
|
cfg, err := NewBackendConfiguration(original_config, nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if b1 := cfg.GetBackend(u1); b1 == nil {
|
||||||
|
t.Error("didn't get backend")
|
||||||
|
} else if !bytes.Equal(b1.Secret(), testBackendSecret) {
|
||||||
|
t.Errorf("expected secret %s, got %s", string(testBackendSecret), string(b1.Secret()))
|
||||||
|
}
|
||||||
|
if b2 := cfg.GetBackend(u2); b2 == nil {
|
||||||
|
t.Error("didn't get backend")
|
||||||
|
} else if !bytes.Equal(b2.Secret(), []byte(string(testBackendSecret)+"-backend2")) {
|
||||||
|
t.Errorf("expected secret %s, got %s", string(testBackendSecret)+"-backend2", string(b2.Secret()))
|
||||||
|
}
|
||||||
|
|
||||||
|
updated_config := goconf.NewConfigFile()
|
||||||
|
updated_config.AddOption("backend", "backends", "backend1, backend2")
|
||||||
|
updated_config.AddOption("backend", "secret", string(testBackendSecret))
|
||||||
|
updated_config.AddOption("backend1", "url", u1.String())
|
||||||
|
updated_config.AddOption("backend1", "secret", string(testBackendSecret)+"-backend1")
|
||||||
|
updated_config.AddOption("backend2", "url", u2.String())
|
||||||
|
cfg.Reload(updated_config)
|
||||||
|
|
||||||
|
if b1 := cfg.GetBackend(u1); b1 == nil {
|
||||||
|
t.Error("didn't get backend")
|
||||||
|
} else if !bytes.Equal(b1.Secret(), []byte(string(testBackendSecret)+"-backend1")) {
|
||||||
|
t.Errorf("expected secret %s, got %s", string(testBackendSecret)+"-backend1", string(b1.Secret()))
|
||||||
|
}
|
||||||
|
if b2 := cfg.GetBackend(u2); b2 == nil {
|
||||||
|
t.Error("didn't get backend")
|
||||||
|
} else if !bytes.Equal(b2.Secret(), testBackendSecret) {
|
||||||
|
t.Errorf("expected secret %s, got %s", string(testBackendSecret), string(b2.Secret()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
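Review bot: TestBackendCommonSecret never covers the case the `commonSecret != ""` guard exists for, namely a backend without its own secret while no common secret is configured. Both configurations in the test set `[backend] secret`, so a regression that lets a backend become active with an empty secret would go unnoticed. A third reload that omits the common secret and asserts `cfg.GetBackend(u2)` is nil would pin this; it assumes GetBackend returns nil for a removed backend, as the existing nil checks suggest. Separately, `original_config` and `updated_config` would read as `originalConfig` and `updatedConfig` in Go naming style.

```go
	// … unchanged: assertions after the first Reload …

	// Without a common secret, a backend that has no secret of its own must be dropped.
	noSecretConfig := goconf.NewConfigFile()
	noSecretConfig.AddOption("backend", "backends", "backend1, backend2")
	noSecretConfig.AddOption("backend1", "url", u1.String())
	noSecretConfig.AddOption("backend1", "secret", string(testBackendSecret)+"-backend1")
	noSecretConfig.AddOption("backend2", "url", u2.String())
	cfg.Reload(noSecretConfig)

	if b2 := cfg.GetBackend(u2); b2 != nil {
		t.Errorf("backend without any secret should have been removed, got secret %s", string(b2.Secret()))
	}
```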
@ -66,7 +66,7 @@ func NewBackendStorageStatic(config *goconf.ConfigFile) (BackendStorage, error)
|
||||||
}
|
}
|
||||||
numBackends++
|
numBackends++
|
||||||
} else if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
} else if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
||||||
for host, configuredBackends := range getConfiguredHosts(backendIds, config) {
|
for host, configuredBackends := range getConfiguredHosts(backendIds, config, commonSecret) {
|
||||||
backends[host] = append(backends[host], configuredBackends...)
|
backends[host] = append(backends[host], configuredBackends...)
|
||||||
for _, be := range configuredBackends {
|
for _, be := range configuredBackends {
|
||||||
log.Printf("Backend %s added for %s", be.id, be.url)
|
log.Printf("Backend %s added for %s", be.id, be.url)
|
||||||
|
@ -196,7 +196,7 @@ func getConfiguredBackendIDs(backendIds string) (ids []string) {
|
||||||
return ids
|
return ids
|
||||||
}
|
}
|
||||||
|
|
||||||
func getConfiguredHosts(backendIds string, config *goconf.ConfigFile) (hosts map[string][]*Backend) {
|
func getConfiguredHosts(backendIds string, config *goconf.ConfigFile, commonSecret string) (hosts map[string][]*Backend) {
|
||||||
hosts = make(map[string][]*Backend)
|
hosts = make(map[string][]*Backend)
|
||||||
for _, id := range getConfiguredBackendIDs(backendIds) {
|
for _, id := range getConfiguredBackendIDs(backendIds) {
|
||||||
u, _ := config.GetString(id, "url")
|
u, _ := config.GetString(id, "url")
|
||||||
|
@ -220,6 +220,10 @@ func getConfiguredHosts(backendIds string, config *goconf.ConfigFile) (hosts map
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, _ := config.GetString(id, "secret")
|
secret, _ := config.GetString(id, "secret")
|
||||||
|
if secret == "" && commonSecret != "" {
|
||||||
|
log.Printf("Backend %s has no own shared secret set, using common shared secret", id)
|
||||||
|
secret = commonSecret
|
||||||
|
}
|
||||||
if u == "" || secret == "" {
|
if u == "" || secret == "" {
|
||||||
log.Printf("Backend %s is missing or incomplete, skipping", id)
|
log.Printf("Backend %s is missing or incomplete, skipping", id)
|
||||||
continue
|
continue
|
||||||
|
@ -269,8 +273,10 @@ func (s *backendStorageStatic) Reload(config *goconf.ConfigFile) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
commonSecret, _ := config.GetString("backend", "secret")
|
||||||
|
|
||||||
if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
if backendIds, _ := config.GetString("backend", "backends"); backendIds != "" {
|
||||||
configuredHosts := getConfiguredHosts(backendIds, config)
|
configuredHosts := getConfiguredHosts(backendIds, config, commonSecret)
|
||||||
|
|
||||||
// remove backends that are no longer configured
|
// remove backends that are no longer configured
|
||||||
for hostname := range s.backends {
|
for hostname := range s.backends {
|
||||||
|
|
|
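Review bot: In the `@ -220,6 +220,10 @` hunk, the fallback cannot tell a missing `secret` key from one left empty by mistake, because the error from `config.GetString(id, "secret")` is discarded. A backend whose secret line was mistyped or blanked therefore moves to the common secret, and the new log line is the only trace of it. The widened signature of getConfiguredHosts has no doc comment stating this contract. I would add one above it, e.g. `// getConfiguredHosts builds the per-host backend list; a backend without its own "secret" uses commonSecret, and is skipped only if that is empty too.` The function body continues outside the visible hunks. The declaration of `commonSecret` used in NewBackendStorageStatic is not shown here, so it is presumably read earlier in that function.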
@ -86,9 +86,10 @@ internalsecret = the-shared-secret-for-internal-clients
|
||||||
# only be used while running the benchmark client against the server.
|
# only be used while running the benchmark client against the server.
|
||||||
allowall = false
|
allowall = false
|
||||||
|
|
||||||
# Common shared secret for requests from and to the backend servers if
|
# Common shared secret for requests from and to the backend servers. Used if
|
||||||
# "allowall" is enabled. This must be the same value as configured in the
|
# "allowall" is enabled or as fallback for individual backends that don't have
|
||||||
# Nextcloud admin ui.
|
# their own secret set.
|
||||||
|
# This must be the same value as configured in the Nextcloud admin ui.
|
||||||
#secret = the-shared-secret-for-allowall
|
#secret = the-shared-secret-for-allowall
|
||||||
|
|
||||||
# Timeout in seconds for requests to the backend.
|
# Timeout in seconds for requests to the backend.
|
||||||
|
@ -109,8 +110,9 @@ connectionsperhost = 8
|
||||||
# URL of the Nextcloud instance
|
# URL of the Nextcloud instance
|
||||||
#url = https://cloud.domain.invalid
|
#url = https://cloud.domain.invalid
|
||||||
|
|
||||||
# Shared secret for requests from and to the backend servers. This must be the
|
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||||
# same value as configured in the Nextcloud admin ui.
|
# the common shared secret from above.
|
||||||
|
# This must be the same value as configured in the Nextcloud admin ui.
|
||||||
#secret = the-shared-secret
|
#secret = the-shared-secret
|
||||||
|
|
||||||
# Limit the number of sessions that are allowed to connect to this backend.
|
# Limit the number of sessions that are allowed to connect to this backend.
|
||||||
|
@ -129,8 +131,9 @@ connectionsperhost = 8
|
||||||
# URL of the Nextcloud instance
|
# URL of the Nextcloud instance
|
||||||
#url = https://cloud.otherdomain.invalid
|
#url = https://cloud.otherdomain.invalid
|
||||||
|
|
||||||
# Shared secret for requests from and to the backend servers. This must be the
|
# Shared secret for requests from and to the backend servers. Leave empty to use
|
||||||
# same value as configured in the Nextcloud admin ui.
|
# the common shared secret from above.
|
||||||
|
# This must be the same value as configured in the Nextcloud admin ui.
|
||||||
#secret = the-shared-secret
|
#secret = the-shared-secret
|
||||||
|
|
||||||
[nats]
|
[nats]
|
||||||
|
|
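Review bot: The new per-backend wording "Leave empty to use the common shared secret from above" does not warn operators that every backend using the fallback is then keyed with the same value. Presumably any Nextcloud instance holding that value is no longer separated from the others by its secret, which matters when the backends belong to different tenants. I would add a line such as `# Backends that use the common secret all share one key; set an individual secret where backends must be isolated from each other.` The same sentence appears in both backend blocks (the `@ -109,8 +110,9 @` and `@ -129,8 +131,9 @` hunks), so the caveat fits best in the `[backend]` comment that introduces the fallback.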