diff --git a/config/system_config.tpl b/config/system_config.tpl
index 770d27c0..377d466a 100644
--- a/config/system_config.tpl
+++ b/config/system_config.tpl
@@ -11,7 +11,7 @@ elasticsearch:
 enabled: false
 basic_auth:
 username: $[[CLUSTER_USER]]
- password: $[[CLUSTER_PASS]]
+ password: $[[keystore.SYSTEM_CLUSTER_PASS]]
 elastic.elasticsearch: $[[CLUSTER_ID]]
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index 5efcb58f..803fd535 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@@ -2,15 +2,19 @@ package task
 import (
 "bytes"
+ "crypto/md5"
+ "encoding/hex"
 "fmt"
 "golang.org/x/crypto/bcrypt"
 "infini.sh/framework/core/api"
 "infini.sh/framework/core/api/rbac"
 httprouter "infini.sh/framework/core/api/router"
+ "infini.sh/framework/core/credential"
 "infini.sh/framework/core/elastic"
 "infini.sh/framework/core/env"
 "infini.sh/framework/core/errors"
 "infini.sh/framework/core/global"
+ "infini.sh/framework/core/keystore"
 "infini.sh/framework/core/module"
 "infini.sh/framework/core/orm"
 "infini.sh/framework/core/pipeline"
@@ -84,6 +88,7 @@ type SetupRequest struct {
 Skip bool `json:"skip"`
 BootstrapUsername string `json:"bootstrap_username"`
 BootstrapPassword string `json:"bootstrap_password"`
+ CredentialSecret string `json:"credential_secret"`
 }
 var tempID="infini_default_system_cluster"
@@ -324,6 +329,9 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 if err!=nil{
 panic(err)
 }
+ if request.CredentialSecret == "" {
+ panic("invalid credential secret")
+ }
 if cfg1.IndexPrefix==""{
 cfg1.IndexPrefix=".infini_"
@@ -346,6 +354,16 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 //处理ORM
 handler := elastic2.ElasticORM{Client: client, Config:cfg1 }
 orm.Register("elastic_setup_"+util.GetUUID(), handler)
+ //生成凭据并保存
+ h := md5.New()
+ rawSecret := []byte(request.CredentialSecret)
+ h.Write(rawSecret)
+ secret := make([]byte, 32)
+ hex.Encode(secret, h.Sum(nil))
+ err = credential.InitSecret(nil, secret)
+ if err != nil {
+ panic(err)
+ }
 if !request.Skip{ //处理模版
@@ -410,8 +428,36 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 //init security
 security.InitSecurity()
+
+ toSaveCfg := cfg
+ if request.Cluster.Username != "" || request.Cluster.Password != "" {
+ cred := credential.Credential{
+ Name: "INFINI_SYSTEM",
+ Type: credential.BasicAuth,
+ Tags: []string{"infini", "system"},
+ Payload: map[string]interface{}{
+ "basic_auth": map[string]interface{}{
+ "username": request.Cluster.Username,
+ "password": request.Cluster.Password,
+ },
+ },
+ }
+ cred.ID = util.GetUUID()
+ err = cred.Encode()
+ if err != nil {
+ panic(err)
+ }
+ toSaveCfg.CredentialID = cred.ID
+ cfg.CredentialID = cred.ID
+ err = orm.Save(nil, &cred)
+ if err!=nil{
+ panic(err)
+ }
+ toSaveCfg.BasicAuth = nil
+ }
+
 //保存默认集群
- err=orm.Save(nil, &cfg)
+ err=orm.Save(nil, &toSaveCfg)
 if err!=nil{
 panic(err)
 }
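Review bot: The secret handed to `credential.InitSecret` is the unsalted MD5 of `request.CredentialSecret`, hex-encoded, so the 32-byte buffer carries at most 128 bits drawn from a 16-character alphabet and is fully determined by the setup secret with no stretching; whoever can guess that secret can derive the key under which `cred.Encode()` in the next hunk protects every stored credential. The guard added at +329 in the earlier hunk only rejects an empty string, and `crypto/md5` is pulled into the import hunk solely for this derivation. If `InitSecret` accepts arbitrary bytes, `sum := sha256.Sum256(rawSecret)` followed by `credential.InitSecret(nil, sum[:])` at least fills the full key width; a salted, iterated derivation is better still (the module already depends on golang.org/x/crypto for bcrypt, whose pbkdf2, scrypt or argon2 packages provide one), paired with a minimum-length check where the empty check sits. How the derived secret is persisted is not visible here, so a salt would need to be stored alongside it. The enclosing `initialize` starts and ends outside this hunk.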
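Review bot: `orm.Save(nil, &cred)` runs before the cluster config that references it is saved, so if the later `orm.Save(nil, &toSaveCfg)` panics, an `INFINI_SYSTEM` credential with no owning cluster is left behind, and as far as this hunk shows nothing looks up an existing credential by name, so a re-run of setup would add another. Since `cred.ID` is generated locally with `util.GetUUID()`, the cluster can be saved first and the credential immediately after, or the credential removed when the cluster save fails, keeping the two consistent. The enclosing `initialize` starts and ends outside this hunk.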
@@ -449,14 +495,15 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
 }
 }
+ keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password))
 //save to local file
 file:=path.Join(global.Env().GetConfigDir(),"system_config.yml")
 _,err=util.FilePutContent(file,fmt.Sprintf("configs.template:\n - name: \"system\"\n path: ./config/system_config.tpl\n variable:\n " + "CLUSTER_ID: %v\n CLUSTER_ENDPINT: \"%v\"\n " +
- "CLUSTER_USER: \"%v\"\n CLUSTER_PASS: \"%v\"\n CLUSTER_VER: \"%v\"\n INDEX_PREFIX: \"%v\"",
- tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.BasicAuth.Password,cfg.Version,cfg1.IndexPrefix ))
+ "CLUSTER_USER: \"%v\"\n CLUSTER_VER: \"%v\"\n INDEX_PREFIX: \"%v\"",
+ tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.Version,cfg1.IndexPrefix ))
 if err!=nil{
 panic(err)
 }
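Review bot: The result of `keystore.SetValue("SYSTEM_CLUSTER_PASS", ...)` is discarded, while every other step in this function panics on failure; if the keystore write fails silently, the template now resolves `$[[keystore.SYSTEM_CLUSTER_PASS]]` to nothing and the system cluster comes up without a usable password, with no error recorded at setup time. If `SetValue` returns an error, check it like its siblings: `if err := keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password)); err != nil { panic(err) }`. The write also happens unconditionally, so when no password was supplied an empty value is stored; gating it on `cfg.BasicAuth.Password != ""` would match the condition used for the credential in the previous hunk, assuming `cfg.BasicAuth` is always non-nil here as the pre-existing `cfg.BasicAuth.Username` use suggests. The enclosing `initialize` starts before this hunk and likely continues past it.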