use common transfer secrets

2026-02-19 20:19:12 -06:00 · 2022-04-27 14:13:17 +02:00
parent 9095b11d6c
commit b3f55765d8
4 changed files with 30 additions and 16 deletions
--- a/extensions/frontend/pkg/config/defaults/defaultconfig.go
+++ b/extensions/frontend/pkg/config/defaults/defaultconfig.go
@@ -1,6 +1,8 @@
 package defaults

 import (
+	"log"
+
 	"github.com/owncloud/ocis/extensions/frontend/pkg/config"
 )

@@ -37,7 +39,6 @@ func DefaultConfig() *config.Config {
 		UploadMaxChunkSize:       1e+8,
 		UploadHTTPMethodOverride: "",
 		DefaultUploadProtocol:    "tus",
-		TransferSecret:           "replace-me-with-a-transfer-secret",
 		Checksums: config.Checksums{
 			SupportedTypes:      []string{"sha1", "md5", "adler32"},
 			PreferredUploadType: "",
@@ -113,6 +114,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else if cfg.TokenManager == nil {
 		cfg.TokenManager = &config.TokenManager{}
 	}
+
+	if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
+		cfg.TransferSecret = cfg.Commons.TransferSecret
+	} else {
+		log.Fatalf("reva transfer secret is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }

 func Sanitize(cfg *config.Config) {
--- a/extensions/gateway/pkg/config/defaults/defaultconfig.go
+++ b/extensions/gateway/pkg/config/defaults/defaultconfig.go
@@ -1,6 +1,8 @@
 package defaults

 import (
+	"log"
+
 	"github.com/owncloud/ocis/extensions/gateway/pkg/config"
 )

@@ -35,7 +37,6 @@ func DefaultConfig() *config.Config {
 		CommitShareToStorageRef:    true,
 		ShareFolder:                "Shares",
 		DisableHomeCreationOnLogin: true,
-		TransferSecret:             "replace-me-with-a-transfer-secret",
 		TransferExpires:            24 * 60 * 60,
 		HomeMapping:                "",
 		EtagCacheTTL:               0,
@@ -101,6 +102,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else if cfg.TokenManager == nil {
 		cfg.TokenManager = &config.TokenManager{}
 	}
+
+	if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
+		cfg.TransferSecret = cfg.Commons.TransferSecret
+	} else {
+		log.Fatalf("reva transfer secret is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }

 func Sanitize(cfg *config.Config) {
--- a/extensions/thumbnails/pkg/service/grpc/v0/service.go
+++ b/extensions/thumbnails/pkg/service/grpc/v0/service.go
@@ -48,8 +48,8 @@ func NewService(opts ...Option) decorators.DecoratedService {
 		preprocessorOpts: PreprocessorOpts{
 			TxtFontFileMap: options.Config.Thumbnail.FontMapFile,
 		},
-		dataEndpoint:        options.Config.Thumbnail.DataEndpoint,
-		transferTokenSecret: options.Config.Thumbnail.TransferSecret,
+		dataEndpoint:   options.Config.Thumbnail.DataEndpoint,
+		transferSecret: options.Config.Thumbnail.TransferSecret,
 	}

 	return svc
@@ -57,15 +57,15 @@ func NewService(opts ...Option) decorators.DecoratedService {

 // Thumbnail implements the GRPC handler.
 type Thumbnail struct {
-	serviceID           string
-	dataEndpoint        string
-	transferTokenSecret string
-	manager             thumbnail.Manager
-	webdavSource        imgsource.Source
-	cs3Source           imgsource.Source
-	logger              log.Logger
-	cs3Client           gateway.GatewayAPIClient
-	preprocessorOpts    PreprocessorOpts
+	serviceID        string
+	dataEndpoint     string
+	transferSecret   string
+	manager          thumbnail.Manager
+	webdavSource     imgsource.Source
+	cs3Source        imgsource.Source
+	logger           log.Logger
+	cs3Client        gateway.GatewayAPIClient
+	preprocessorOpts PreprocessorOpts
 }

 type PreprocessorOpts struct {
@@ -113,7 +113,7 @@ func (g Thumbnail) GetThumbnail(ctx context.Context, req *thumbnailssvc.GetThumb
 	}

 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	transferToken, err := token.SignedString([]byte(g.transferTokenSecret))
+	transferToken, err := token.SignedString([]byte(g.transferSecret))
 	if err != nil {
 		g.logger.Error().
 			Err(err).
--- a/ocis/pkg/command/init.go
+++ b/ocis/pkg/command/init.go
@@ -150,7 +150,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	if err != nil {
 		return fmt.Errorf("could not generate random password for machineauthsecret: %s", err)
 	}
-	revaTransferTokenSecret, err := generators.GenerateRandomPassword(passwordLength)
+	revaTransferSecret, err := generators.GenerateRandomPassword(passwordLength)
 	if err != nil {
 		return fmt.Errorf("could not generate random password for machineauthsecret: %s", err)
 	}
@@ -161,7 +161,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	// TODO: add missing insecure occurences

 	cfg.MachineAuthAPIKey = machineAuthApiKey
-	cfg.TransferSecret = revaTransferTokenSecret
+	cfg.TransferSecret = revaTransferSecret
 	cfg.TokenManager.JWTSecret = tokenManagerJwtSecret
 	//cfg.Commons.TokenManager.JWTSecret = tokenManagerJwtSecret
 	//cfg.Accounts.TokenManager.JWTSecret = tokenManagerJwtSecret