Encrypt migration credentials at rest (#15895)
* encrypt migration credentials in task persistence Not sure this is the best approach, we could encrypt the entire `PayloadContent` instead. Also instead of clearing individual fields in payload content, we could just delete the task once it has (successfully) finished..? * remove credentials of past migrations * only run DB migration for completed tasks * fix binding * add omitempty * never serialize unencrypted credentials * fix import order Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>mj-v1.18.3
parent
256b1a3561
commit
cb940c4312
@ -0,0 +1,74 @@
|
||||
// Copyright 2021 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/modules/migrations/base"
|
||||
"code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
|
||||
jsoniter "github.com/json-iterator/go"
|
||||
"xorm.io/builder"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
func deleteMigrationCredentials(x *xorm.Engine) (err error) {
|
||||
const batchSize = 100
|
||||
|
||||
// only match migration tasks, that are not pending or running
|
||||
cond := builder.Eq{
|
||||
"type": structs.TaskTypeMigrateRepo,
|
||||
}.And(builder.Gte{
|
||||
"status": structs.TaskStatusStopped,
|
||||
})
|
||||
|
||||
sess := x.NewSession()
|
||||
defer sess.Close()
|
||||
|
||||
for start := 0; ; start += batchSize {
|
||||
tasks := make([]*models.Task, 0, batchSize)
|
||||
if err = sess.Limit(batchSize, start).Where(cond, 0).Find(&tasks); err != nil {
|
||||
return
|
||||
}
|
||||
if len(tasks) == 0 {
|
||||
break
|
||||
}
|
||||
if err = sess.Begin(); err != nil {
|
||||
return
|
||||
}
|
||||
for _, t := range tasks {
|
||||
if t.PayloadContent, err = removeCredentials(t.PayloadContent); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = sess.ID(t.ID).Cols("payload_content").Update(t); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
if err = sess.Commit(); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func removeCredentials(payload string) (string, error) {
|
||||
var opts base.MigrateOptions
|
||||
json := jsoniter.ConfigCompatibleWithStandardLibrary
|
||||
err := json.Unmarshal([]byte(payload), &opts)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
opts.AuthPassword = ""
|
||||
opts.AuthToken = ""
|
||||
opts.CloneAddr = util.SanitizeURLCredentials(opts.CloneAddr, true)
|
||||
|
||||
confBytes, err := json.Marshal(opts)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(confBytes), nil
|
||||
}
|
Loading…
Reference in new issue