opensource/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2025-06-30 09:59:13 +08:00
Code Issues Projects Releases Wiki Activity

feat: stop apply command exposing private key over HTTP API

Browse Source 
License: MIT
Signed-off-by: chenminjian <727180553@qq.com>
This commit is contained in:
chenminjian
2018-10-10 11:16:20 +08:00
committed by Steven Allen
parent 2e3cbe3e27
commit 64cdabc88f
2 changed files with 43 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
core/commands/config.go
View File

@ -23,8 +23,8 @@ import (
// ConfigUpdateOutput is config profile apply command's output // ConfigUpdateOutput is config profile apply command's output
type ConfigUpdateOutput struct { type ConfigUpdateOutput struct {
Old config.Config OldCfg map[string]interface{}
New config.Config NewCfg map[string]interface{}
} }
type ConfigField struct { type ConfigField struct {
@ -359,9 +359,22 @@ var configProfileApplyCmd = &cmds.Command{
res.SetError(err, cmdkit.ErrNormal) res.SetError(err, cmdkit.ErrNormal)
return return
} }
oldCfgMap, err := scrubPrivKey(oldCfg)
if err != nil {
res.SetError(err, cmdkit.ErrNormal)
return
}
newCfgMap, err := scrubPrivKey(newCfg)
if err != nil {
res.SetError(err, cmdkit.ErrNormal)
return
}
res.SetOutput(&ConfigUpdateOutput{ res.SetOutput(&ConfigUpdateOutput{
Old: *oldCfg, OldCfg: oldCfgMap,
New: *newCfg, NewCfg: newCfgMap,
}) })
}, },
Marshalers: cmds.MarshalerMap{ Marshalers: cmds.MarshalerMap{
@ -380,7 +393,7 @@ var configProfileApplyCmd = &cmds.Command{
return nil, e.TypeErr(apply, v) return nil, e.TypeErr(apply, v)
} }
diff := jsondiff.Compare(apply.Old, apply.New) diff := jsondiff.Compare(apply.OldCfg, apply.NewCfg)
buf := jsondiff.Format(diff) buf := jsondiff.Format(diff)
return strings.NewReader(string(buf)), nil return strings.NewReader(string(buf)), nil
@ -404,6 +417,21 @@ func buildProfileHelp() string {
return out return out
} }
// scrubPrivKey scrubs private key for security reasons.
func scrubPrivKey(cfg *config.Config) (map[string]interface{}, error) {
cfgMap, err := config.ToMap(cfg)
if err != nil {
return nil, err
}
err = scrubValue(cfgMap, []string{config.IdentityTag, config.PrivKeyTag})
if err != nil {
return nil, err
}
return cfgMap, nil
}
// transformConfig returns old config and new config instead of difference between they, // transformConfig returns old config and new config instead of difference between they,
// because apply command can provide stable API through this way. // because apply command can provide stable API through this way.
// If dryRun is true, repo's config should not be updated and persisted // If dryRun is true, repo's config should not be updated and persisted

10
test/sharness/t0021-config.sh
View File

@ -262,6 +262,16 @@ test_config_cmd() {
test `grep "DisableNatPortMap" diff_info | wc -l` = 2 test `grep "DisableNatPortMap" diff_info | wc -l` = 2
' '
test_expect_success "'ipfs config profile apply test --dry-run' doesn't include privkey" '
ipfs config profile apply test --dry-run > show_config &&
test_expect_code 1 grep PrivKey show_config
'
test_expect_success "'ipfs config profile apply test' doesn't include privkey" '
ipfs config profile apply test > show_config &&
test_expect_code 1 grep PrivKey show_config
'
# won't work as it changes datastore definition, which makes ipfs not launch # won't work as it changes datastore definition, which makes ipfs not launch
# without converting first # without converting first
# test_profile_apply_revert badgerds # test_profile_apply_revert badgerds