|
@@ -27,6 +27,7 @@ import (
|
27
|
27
|
"code.gitea.io/gitea/modules/user"
|
28
|
28
|
|
29
|
29
|
"github.com/Unknwon/com"
|
|
30
|
+ "github.com/dgrijalva/jwt-go"
|
30
|
31
|
_ "github.com/go-macaron/cache/memcache" // memcache plugin for cache
|
31
|
32
|
_ "github.com/go-macaron/cache/redis"
|
32
|
33
|
"github.com/go-macaron/session"
|
|
@@ -442,14 +443,15 @@ var (
|
442
|
443
|
ShowFooterTemplateLoadTime bool
|
443
|
444
|
|
444
|
445
|
// Global setting objects
|
445
|
|
- Cfg *ini.File
|
446
|
|
- CustomPath string // Custom directory path
|
447
|
|
- CustomConf string
|
448
|
|
- CustomPID string
|
449
|
|
- ProdMode bool
|
450
|
|
- RunUser string
|
451
|
|
- IsWindows bool
|
452
|
|
- HasRobotsTxt bool
|
|
446
|
+ Cfg *ini.File
|
|
447
|
+ CustomPath string // Custom directory path
|
|
448
|
+ CustomConf string
|
|
449
|
+ CustomPID string
|
|
450
|
+ ProdMode bool
|
|
451
|
+ RunUser string
|
|
452
|
+ IsWindows bool
|
|
453
|
+ HasRobotsTxt bool
|
|
454
|
+ InternalToken string // internal access token
|
453
|
455
|
)
|
454
|
456
|
|
455
|
457
|
// DateLang transforms standard language locale name to corresponding value in datetime plugin.
|
|
@@ -764,6 +766,43 @@ please consider changing to GITEA_CUSTOM`)
|
764
|
766
|
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
|
765
|
767
|
MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
|
766
|
768
|
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
|
769
|
+ InternalToken = sec.Key("INTERNAL_TOKEN").String()
|
|
770
|
+ if len(InternalToken) == 0 {
|
|
771
|
+ secretBytes := make([]byte, 32)
|
|
772
|
+ _, err := io.ReadFull(rand.Reader, secretBytes)
|
|
773
|
+ if err != nil {
|
|
774
|
+ log.Fatal(4, "Error reading random bytes: %v", err)
|
|
775
|
+ }
|
|
776
|
+
|
|
777
|
+ secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
|
|
778
|
+
|
|
779
|
+ now := time.Now()
|
|
780
|
+ InternalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
781
|
+ "nbf": now.Unix(),
|
|
782
|
+ }).SignedString([]byte(secretKey))
|
|
783
|
+
|
|
784
|
+ if err != nil {
|
|
785
|
+ log.Fatal(4, "Error generate internal token: %v", err)
|
|
786
|
+ }
|
|
787
|
+
|
|
788
|
+ // Save secret
|
|
789
|
+ cfgSave := ini.Empty()
|
|
790
|
+ if com.IsFile(CustomConf) {
|
|
791
|
+ // Keeps custom settings if there is already something.
|
|
792
|
+ if err := cfgSave.Append(CustomConf); err != nil {
|
|
793
|
+ log.Error(4, "Failed to load custom conf '%s': %v", CustomConf, err)
|
|
794
|
+ }
|
|
795
|
+ }
|
|
796
|
+
|
|
797
|
+ cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(InternalToken)
|
|
798
|
+
|
|
799
|
+ if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
|
|
800
|
+ log.Fatal(4, "Failed to create '%s': %v", CustomConf, err)
|
|
801
|
+ }
|
|
802
|
+ if err := cfgSave.SaveTo(CustomConf); err != nil {
|
|
803
|
+ log.Fatal(4, "Error saving generated JWT Secret to custom config: %v", err)
|
|
804
|
+ }
|
|
805
|
+ }
|
767
|
806
|
|
768
|
807
|
sec = Cfg.Section("attachment")
|
769
|
808
|
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
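Review bot: When `cfgSave.Append(CustomConf)` fails, the new code only calls `log.Error` and then continues to `cfgSave.SaveTo(CustomConf)`, so an existing custom config that could not be parsed would be overwritten by a file holding nothing but `INTERNAL_TOKEN`; that branch should stop instead, e.g. `log.Fatal(4, "Failed to load custom conf '%s': %v", CustomConf, err)`. The token is a bearer credential, yet its directory is created with `os.ModePerm` and the file mode is left to whatever `SaveTo` picks; something like `os.MkdirAll(filepath.Dir(CustomConf), 0700)`, plus a check that the saved file is not group- or world-readable, would keep it private. The random `secretKey` is a local that is dropped after signing, so as far as this hunk shows the stored value can never be verified as a JWT and is in effect an opaque random string; a comment saying so, or encoding `secretBytes` directly, would avoid implying that the `nbf` claim is ever checked. The enclosing function begins and ends outside this hunk.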
|
|
@@ -940,7 +979,6 @@ var Service struct {
|
940
|
979
|
EnableOpenIDSignUp bool
|
941
|
980
|
OpenIDWhitelist []*regexp.Regexp
|
942
|
981
|
OpenIDBlacklist []*regexp.Regexp
|
943
|
|
-
|
944
|
982
|
}
|
945
|
983
|
|
946
|
984
|
func newService() {
|