mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-24 08:02:18 +02:00
ability to customize the session secret and expiration
This commit is contained in:
parent
ab6b666650
commit
cd1fbe5d85
@ -64,6 +64,10 @@ port=""
|
||||
key=""
|
||||
cert=""
|
||||
|
||||
[session]
|
||||
secret=""
|
||||
duration=""
|
||||
|
||||
[database]
|
||||
driver=""
|
||||
datasource=""
|
||||
|
8
debian/drone/etc/drone/drone.toml
vendored
8
debian/drone/etc/drone/drone.toml
vendored
@ -3,16 +3,18 @@
|
||||
port=":80"
|
||||
|
||||
#####################################################################
|
||||
# SSL configuration for Drone. Provide you key and cert chain
|
||||
# to server Drone over https.
|
||||
# SSL configuration
|
||||
#
|
||||
# [server.ssl]
|
||||
# key=""
|
||||
# cert=""
|
||||
|
||||
# [session]
|
||||
# secret=""
|
||||
# duration=""
|
||||
|
||||
#####################################################################
|
||||
# Database configuration for Drone, by default using SQLite3.
|
||||
# Database configuration, by default using SQLite3.
|
||||
# You can also use postgres and mysql. See the documentation
|
||||
# for more details.
|
||||
|
||||
|
51
plugin/deploy/cloudfoundry/cloudfoundry.go
Normal file
51
plugin/deploy/cloudfoundry/cloudfoundry.go
Normal file
@ -0,0 +1,51 @@
|
||||
package cloudfoundry
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/drone/drone/plugin/condition"
|
||||
"github.com/drone/drone/shared/build/buildfile"
|
||||
)
|
||||
|
||||
type CloudFoundry struct {
|
||||
Target string `yaml:"target,omitempty"`
|
||||
Username string `yaml:"username,omitempty"`
|
||||
Password string `yaml:"password,omitempty"`
|
||||
Org string `yaml:"org,omitempty"`
|
||||
Space string `yaml:"space,omitempty"`
|
||||
|
||||
App string `yaml:"app,omitempty"`
|
||||
|
||||
Condition *condition.Condition `yaml:"when,omitempty"`
|
||||
}
|
||||
|
||||
func (cf *CloudFoundry) Write(f *buildfile.Buildfile) {
|
||||
downloadCmd := "curl -sLO http://go-cli.s3-website-us-east-1.amazonaws.com/releases/latest/cf-cli_amd64.deb"
|
||||
installCmd := "dpkg -i cf-cli_amd64.deb 1> /dev/null 2> /dev/null"
|
||||
|
||||
// download and install the cf tool
|
||||
f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", downloadCmd, downloadCmd))
|
||||
f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", installCmd, installCmd))
|
||||
|
||||
// login
|
||||
loginCmd := "cf login -a %s -u %s -p %s"
|
||||
|
||||
organization := cf.Org
|
||||
if organization != "" {
|
||||
loginCmd += fmt.Sprintf(" -o %s", organization)
|
||||
}
|
||||
|
||||
space := cf.Space
|
||||
if space != "" {
|
||||
loginCmd += fmt.Sprintf(" -s %s", space)
|
||||
}
|
||||
|
||||
f.WriteCmdSilent(fmt.Sprintf(loginCmd, cf.Target, cf.Username, cf.Password))
|
||||
|
||||
// push app
|
||||
pushCmd := "cf push %s"
|
||||
f.WriteCmd(fmt.Sprintf(pushCmd, cf.App))
|
||||
}
|
||||
|
||||
func (cf *CloudFoundry) GetCondition() *condition.Condition {
|
||||
return cf.Condition
|
||||
}
|
@ -7,14 +7,21 @@ import (
|
||||
|
||||
"code.google.com/p/go.net/context"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/drone/config"
|
||||
"github.com/drone/drone/server/datastore"
|
||||
"github.com/drone/drone/shared/httputil"
|
||||
"github.com/drone/drone/shared/model"
|
||||
"github.com/gorilla/securecookie"
|
||||
)
|
||||
|
||||
// secret key used to create jwt
|
||||
var secret = securecookie.GenerateRandomKey(32)
|
||||
// random key used to create jwt if none
|
||||
// provided in the configuration.
|
||||
var random = securecookie.GenerateRandomKey(32)
|
||||
|
||||
var (
|
||||
secret = config.String("session-secret", string(random))
|
||||
expires = config.Duration("session-expires", time.Hour*72)
|
||||
)
|
||||
|
||||
// GetUser gets the currently authenticated user for the
|
||||
// http.Request. The user details will be stored as either
|
||||
@ -38,7 +45,7 @@ func GenerateToken(c context.Context, r *http.Request, user *model.User) (string
|
||||
token.Claims["user_id"] = user.ID
|
||||
token.Claims["audience"] = httputil.GetURL(r)
|
||||
token.Claims["expires"] = time.Now().UTC().Add(time.Hour * 72).Unix()
|
||||
return token.SignedString(secret)
|
||||
return token.SignedString([]byte(*secret))
|
||||
}
|
||||
|
||||
// getUserToken gets the currently authenticated user for the given
|
||||
@ -56,7 +63,7 @@ func getUserBearer(c context.Context, r *http.Request) *model.User {
|
||||
fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr)
|
||||
|
||||
var token, err = jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) {
|
||||
return secret, nil
|
||||
return []byte(*secret), nil
|
||||
})
|
||||
if err != nil || !token.Valid {
|
||||
println("invalid token")
|
||||
|
Loading…
Reference in New Issue
Block a user