mirror of
https://github.com/ipfs/kubo.git
synced 2025-06-29 17:36:38 +08:00
feat: stop apply command exposing private key over HTTP API
License: MIT Signed-off-by: chenminjian <727180553@qq.com>

committed by
Steven Allen

parent
2e3cbe3e27
commit
64cdabc88f
@ -23,8 +23,8 @@ import (
|
||||
|
||||
// ConfigUpdateOutput is config profile apply command's output
|
||||
type ConfigUpdateOutput struct {
|
||||
Old config.Config
|
||||
New config.Config
|
||||
OldCfg map[string]interface{}
|
||||
NewCfg map[string]interface{}
|
||||
}
|
||||
|
||||
type ConfigField struct {
|
||||
@ -359,9 +359,22 @@ var configProfileApplyCmd = &cmds.Command{
|
||||
res.SetError(err, cmdkit.ErrNormal)
|
||||
return
|
||||
}
|
||||
|
||||
oldCfgMap, err := scrubPrivKey(oldCfg)
|
||||
if err != nil {
|
||||
res.SetError(err, cmdkit.ErrNormal)
|
||||
return
|
||||
}
|
||||
|
||||
newCfgMap, err := scrubPrivKey(newCfg)
|
||||
if err != nil {
|
||||
res.SetError(err, cmdkit.ErrNormal)
|
||||
return
|
||||
}
|
||||
|
||||
res.SetOutput(&ConfigUpdateOutput{
|
||||
Old: *oldCfg,
|
||||
New: *newCfg,
|
||||
OldCfg: oldCfgMap,
|
||||
NewCfg: newCfgMap,
|
||||
})
|
||||
},
|
||||
Marshalers: cmds.MarshalerMap{
|
||||
@ -380,7 +393,7 @@ var configProfileApplyCmd = &cmds.Command{
|
||||
return nil, e.TypeErr(apply, v)
|
||||
}
|
||||
|
||||
diff := jsondiff.Compare(apply.Old, apply.New)
|
||||
diff := jsondiff.Compare(apply.OldCfg, apply.NewCfg)
|
||||
buf := jsondiff.Format(diff)
|
||||
|
||||
return strings.NewReader(string(buf)), nil
|
||||
@ -404,6 +417,21 @@ func buildProfileHelp() string {
|
||||
return out
|
||||
}
|
||||
|
||||
// scrubPrivKey scrubs private key for security reasons.
|
||||
func scrubPrivKey(cfg *config.Config) (map[string]interface{}, error) {
|
||||
cfgMap, err := config.ToMap(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = scrubValue(cfgMap, []string{config.IdentityTag, config.PrivKeyTag})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return cfgMap, nil
|
||||
}
|
||||
|
||||
// transformConfig returns old config and new config instead of difference between they,
|
||||
// because apply command can provide stable API through this way.
|
||||
// If dryRun is true, repo's config should not be updated and persisted
|
||||
|
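Review bot: `scrubPrivKey` removes exactly one path, `Identity.PrivKey`, and nothing on `ConfigUpdateOutput` records that `OldCfg`/`NewCfg` may only hold scrubbed maps, so a secret-bearing config field added later, or a caller assigning a raw `config.ToMap` result, would be serialized to API clients again. I would state the invariant on the struct, for example `// OldCfg and NewCfg hold config maps with Identity.PrivKey removed by scrubPrivKey; never assign an unscrubbed config here.`, and expand the helper's comment to name the path it removes instead of "for security reasons". The error returns from `scrubPrivKey` stop the command before `res.SetOutput`, which is the right fail-closed behaviour; whether `scrubValue` returns an error when the key is absent is not visible here and is worth confirming for configs without an identity key. The `Run` function of `configProfileApplyCmd` starts and ends outside the visible hunks.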
@ -262,6 +262,16 @@ test_config_cmd() {
|
||||
test `grep "DisableNatPortMap" diff_info | wc -l` = 2
|
||||
'
|
||||
|
||||
test_expect_success "'ipfs config profile apply test --dry-run' doesn't include privkey" '
|
||||
ipfs config profile apply test --dry-run > show_config &&
|
||||
test_expect_code 1 grep PrivKey show_config
|
||||
'
|
||||
|
||||
test_expect_success "'ipfs config profile apply test' doesn't include privkey" '
|
||||
ipfs config profile apply test > show_config &&
|
||||
test_expect_code 1 grep PrivKey show_config
|
||||
'
|
||||
|
||||
# won't work as it changes datastore definition, which makes ipfs not launch
|
||||
# without converting first
|
||||
# test_profile_apply_revert badgerds
|
||||
|
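Review bot: Both new tests grep only the default text output, which is the `jsondiff` rendering built by the text marshaler, while the key was exposed through the encoded `ConfigUpdateOutput` itself. If that rendering prints only changed keys, as the neighbouring `DisableNatPortMap` count of 2 suggests, these greps would have passed before the fix as well. I would add an assertion on the structured response, such as `ipfs config profile apply test --dry-run --enc=json > show_config_json &&` followed by `test_expect_code 1 grep PrivKey show_config_json`. Whether `test_config_cmd` is also run against a daemon is not visible in this hunk, so coverage of the HTTP path is unclear; the function begins and ends outside the hunk.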