Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

add support for reading more secrets from files

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2023-11-24 20:43:50 +01:00
parent a91cf22e0f
commit 6175acb572
11 changed files with 126 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
internal/httpd/httpd.go
View File

@@ -760,7 +760,8 @@ type Conf struct {
// SigningPassphrase defines the passphrase to use to derive the signing key for JWT and CSRF tokens.
// If empty a random signing key will be generated each time SFTPGo starts. If you set a
// signing passphrase you should consider rotating it periodically for added security
SigningPassphrase string `json:"signing_passphrase" mapstructure:"signing_passphrase"`
SigningPassphrase string `json:"signing_passphrase" mapstructure:"signing_passphrase"`
SigningPassphraseFile string `json:"signing_passphrase_file" mapstructure:"signing_passphrase_file"`
// TokenValidation allows to define how to validate JWT tokens, cookies and CSRF tokens.
// By default all the available security checks are enabled. Set to 1 to disable the requirement
// that a token must be used by the same IP for which it was issued.
@@ -912,6 +913,21 @@ func (c *Conf) loadFromProvider() error {
return nil
}
func (c *Conf) loadTemplates(templatesPath string) {
if c.isWebAdminEnabled() {
updateWebAdminURLs(c.WebRoot)
loadAdminTemplates(templatesPath)
} else {
logger.Info(logSender, "", "built-in web admin interface disabled")
}
if c.isWebClientEnabled() {
updateWebClientURLs(c.WebRoot)
loadClientTemplates(templatesPath)
} else {
logger.Info(logSender, "", "built-in web client interface disabled")
}
}
// Initialize configures and starts the HTTP server
func (c *Conf) Initialize(configDir string, isShared int) error {
if err := c.loadFromProvider(); err != nil {
@@ -929,18 +945,7 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
if err := c.checkRequiredDirs(staticFilesPath, templatesPath); err != nil {
return err
}
if c.isWebAdminEnabled() {
updateWebAdminURLs(c.WebRoot)
loadAdminTemplates(templatesPath)
} else {
logger.Info(logSender, "", "built-in web admin interface disabled")
}
if c.isWebClientEnabled() {
updateWebClientURLs(c.WebRoot)
loadClientTemplates(templatesPath)
} else {
logger.Info(logSender, "", "built-in web client interface disabled")
}
c.loadTemplates(templatesPath)
keyPairs := c.getKeyPairs(configDir)
if len(keyPairs) > 0 {
mgr, err := common.NewCertManager(keyPairs, configDir, logSender)
@@ -958,6 +963,14 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
certMgr = mgr
}
if c.SigningPassphraseFile != "" {
passphrase, err := util.ReadConfigFromFile(c.SigningPassphraseFile, configDir)
if err != nil {
return err
}
c.SigningPassphrase = passphrase
}
csrfTokenAuth = jwtauth.New(jwa.HS256.String(), getSigningKey(c.SigningPassphrase), nil)
hideSupportLink = c.HideSupportLink