From c0fc53e22602fc4b3c8d890d235d0911bef074fe Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 22 Jun 2023 20:16:12 -0400 Subject: [PATCH] Import additional secrets via file uri (#25408) --- modules/setting/lfs.go | 2 ++ modules/setting/oauth2.go | 2 ++ modules/setting/security.go | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go index 140a96f9e..784a99582 100644 --- a/modules/setting/lfs.go +++ b/modules/setting/lfs.go @@ -53,6 +53,8 @@ func loadLFSFrom(rootCfg ConfigProvider) error { return nil } + LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("lfs"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET") + LFS.JWTSecretBytes = make([]byte, 32) n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64)) diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go index 83c607a41..9113d72e8 100644 --- a/modules/setting/oauth2.go +++ b/modules/setting/oauth2.go @@ -116,6 +116,8 @@ func loadOAuth2From(rootCfg ConfigProvider) { return } + OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET") + if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) { OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile) } diff --git a/modules/setting/security.go b/modules/setting/security.go index c39eb7f3e..5f1f9f4ad 100644 --- a/modules/setting/security.go +++ b/modules/setting/security.go @@ -76,7 +76,7 @@ func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string { // only file URIs are allowed default: - log.Fatal("Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri) + log.Fatal("Unsupported URI-Scheme %q (%q = %q)", tempURI.Scheme, uriKey, uri) return "" } }