init credential secret

2023-02-10 09:51:42 +08:00 · 2023-02-10 09:51:42 +08:00 · e11207dbc0
parent 844969c5c1
commit e11207dbc0
2 changed files with 51 additions and 4 deletions
--- a/config/system_config.tpl
+++ b/config/system_config.tpl
@ -11,7 +11,7 @@ elasticsearch:
      enabled: false
    basic_auth:
      username: $[[CLUSTER_USER]]
-      password: $[[CLUSTER_PASS]]
+      password: $[[keystore.SYSTEM_CLUSTER_PASS]]

 elastic.elasticsearch: $[[CLUSTER_ID]]

--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@ -2,15 +2,19 @@ package task

 import (
 	"bytes"
+	"crypto/md5"
+	"encoding/hex"
 	"fmt"
 	"golang.org/x/crypto/bcrypt"
 	"infini.sh/framework/core/api"
 	"infini.sh/framework/core/api/rbac"
 	httprouter "infini.sh/framework/core/api/router"
+	"infini.sh/framework/core/credential"
 	"infini.sh/framework/core/elastic"
 	"infini.sh/framework/core/env"
 	"infini.sh/framework/core/errors"
 	"infini.sh/framework/core/global"
+	"infini.sh/framework/core/keystore"
 	"infini.sh/framework/core/module"
 	"infini.sh/framework/core/orm"
 	"infini.sh/framework/core/pipeline"
@ -84,6 +88,7 @@ type SetupRequest struct {
 	Skip bool `json:"skip"`
 	BootstrapUsername string `json:"bootstrap_username"`
 	BootstrapPassword string `json:"bootstrap_password"`
+	CredentialSecret string `json:"credential_secret"`
 }

 var tempID="infini_default_system_cluster"
@ -324,6 +329,9 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 	if err!=nil{
 		panic(err)
 	}
+	if request.CredentialSecret == "" {
+		panic("invalid credential secret")
+	}

 	if cfg1.IndexPrefix==""{
 		cfg1.IndexPrefix=".infini_"
@ -346,6 +354,16 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 	//处理ORM
 	handler := elastic2.ElasticORM{Client: client, Config:cfg1 }
 	orm.Register("elastic_setup_"+util.GetUUID(), handler)
+	//生成凭据并保存
+	h := md5.New()
+	rawSecret := []byte(request.CredentialSecret)
+	h.Write(rawSecret)
+	secret := make([]byte, 32)
+	hex.Encode(secret, h.Sum(nil))
+	err = credential.InitSecret(nil, secret)
+	if err != nil {
+		panic(err)
+	}

 	if !request.Skip{
 		//处理模版
@ -410,8 +428,36 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 		//init security
 		security.InitSecurity()

+
+		toSaveCfg := cfg
+		if request.Cluster.Username != "" || request.Cluster.Password != "" {
+			cred := credential.Credential{
+				Name: "INFINI_SYSTEM",
+				Type: credential.BasicAuth,
+				Tags: []string{"infini", "system"},
+				Payload: map[string]interface{}{
+					"basic_auth": map[string]interface{}{
+						"username": request.Cluster.Username,
+						"password": request.Cluster.Password,
+					},
+				},
+			}
+			cred.ID = util.GetUUID()
+			err = cred.Encode()
+			if err != nil {
+				panic(err)
+			}
+			toSaveCfg.CredentialID = cred.ID
+			cfg.CredentialID = cred.ID
+			err = orm.Save(nil, &cred)
+			if err!=nil{
+				panic(err)
+			}
+			toSaveCfg.BasicAuth = nil
+		}
+
 		//保存默认集群
-		err=orm.Save(nil, &cfg)
+		err=orm.Save(nil, &toSaveCfg)
 		if err!=nil{
 			panic(err)
 		}
@ -449,14 +495,15 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 		}

 	}
+	keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password))


 	//save to local file
 	file:=path.Join(global.Env().GetConfigDir(),"system_config.yml")
 	_,err=util.FilePutContent(file,fmt.Sprintf("configs.template:\n  - name: \"system\"\n    path: ./config/system_config.tpl\n    variable:\n      " +
 		"CLUSTER_ID: %v\n      CLUSTER_ENDPINT: \"%v\"\n      " +
-		"CLUSTER_USER: \"%v\"\n      CLUSTER_PASS: \"%v\"\n      CLUSTER_VER: \"%v\"\n      INDEX_PREFIX: \"%v\"",
-	tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.BasicAuth.Password,cfg.Version,cfg1.IndexPrefix	))
+		"CLUSTER_USER: \"%v\"\n      CLUSTER_VER: \"%v\"\n      INDEX_PREFIX: \"%v\"",
+	tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.Version,cfg1.IndexPrefix	))
 	if err!=nil{
 		panic(err)
 	}