1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-12-22 07:15:47 +01:00

Move administrator password to data/config.json.

This commit is contained in:
Juliusz Chroboczek 2021-10-26 20:10:24 +02:00
parent c64ec4ccd0
commit c0b30c8557
5 changed files with 98 additions and 39 deletions

View file

@ -12,15 +12,6 @@ On Windows, do
go build -ldflags="-s -w"
## Set the server administrator credentials
This step is optional, it is currently only relevant for access to the
`/stats.html` and `/stats.json` locations.
mkdir data
echo 'god:topsecret' > data/passwd
## Set up a group
Set up a group called *test* by creating a file `groups/test.json`:

15
README
View file

@ -37,6 +37,21 @@ available commands; the output depends on whether you are an operator or
not.
# The global configuration file
The server may be configured in the JSON file `data/config.json`. This
file may look as follows:
{
"admin":[{"username":"root","password":"secret"}]
}
The fields are as follows:
- `admin` defines the users allowed to look at the `/stats.html` file; it
has the same syntax as user definitions in groups (see below).
# Group definitions
Groups are defined by files in the `./groups` directory (this may be

View file

@ -21,7 +21,7 @@ import (
)
func main() {
var cpuprofile, memprofile, mutexprofile, httpAddr, dataDir string
var cpuprofile, memprofile, mutexprofile, httpAddr string
var udpRange string
flag.StringVar(&httpAddr, "http", ":8443", "web server `address`")
@ -31,7 +31,7 @@ func main() {
"redirect to canonical `host`")
flag.BoolVar(&webserver.Insecure, "insecure", false,
"act as an HTTP server rather than HTTPS")
flag.StringVar(&dataDir, "data", "./data/",
flag.StringVar(&group.DataDirectory, "data", "./data/",
"data `directory`")
flag.StringVar(&group.Directory, "groups", "./groups/",
"group description `directory`")
@ -112,7 +112,7 @@ func main() {
log.Printf("File descriptor limit is %v, please increase it!", n)
}
ice.ICEFilename = filepath.Join(dataDir, "ice-servers.json")
ice.ICEFilename = filepath.Join(group.DataDirectory, "ice-servers.json")
// make sure the list of public groups is updated early
go group.Update()
@ -123,7 +123,7 @@ func main() {
serverDone := make(chan struct{})
go func() {
err := webserver.Serve(httpAddr, dataDir)
err := webserver.Serve(httpAddr, group.DataDirectory)
if err != nil {
log.Printf("Server: %v", err)
}

View file

@ -17,7 +17,7 @@ import (
"github.com/pion/webrtc/v3"
)
var Directory string
var Directory, DataDirectory string
var UseMDNS bool
var UDPMin, UDPMax uint16
@ -802,8 +802,67 @@ func matchClient(group string, creds ClientCredentials, users []ClientPattern) (
return false, false
}
// Type Description represents a group description together with some
// metadata about the JSON file it was deserialised from.
// Configuration represents the contents of the data/config.json file.
type Configuration struct {
// The modtime and size of the file. These are used to detect
// when a file has changed on disk.
modTime time.Time `json:"-"`
fileSize int64 `json:"-"`
Admin []ClientPattern `json:"admin"`
}
var configuration struct {
mu sync.Mutex
configuration *Configuration
}
func GetConfiguration() (*Configuration, error) {
configuration.mu.Lock()
defer configuration.mu.Unlock()
if configuration.configuration == nil {
configuration.configuration = &Configuration{}
}
filename := filepath.Join(DataDirectory, "config.json")
fi, err := os.Stat(filename)
if err != nil {
if os.IsNotExist(err) {
if !configuration.configuration.modTime.Equal(
time.Time{},
) {
configuration.configuration = &Configuration{}
return configuration.configuration, nil
}
}
return nil, err
}
if configuration.configuration.modTime.Equal(fi.ModTime()) &&
configuration.configuration.fileSize == fi.Size() {
return configuration.configuration, nil
}
f, err := os.Open(filename)
if err != nil {
return nil, err
}
defer f.Close()
d := json.NewDecoder(f)
d.DisallowUnknownFields()
var conf Configuration
err = d.Decode(&conf)
if err != nil {
return nil, err
}
configuration.configuration = &conf
return configuration.configuration, nil
}
// Description represents a group description together with some metadata
// about the JSON file it was deserialised from.
type Description struct {
// The file this was deserialised from. This is not necessarily
// the name of the group, for example in case of a subgroup.

View file

@ -1,7 +1,6 @@
package webserver
import (
"bufio"
"context"
"crypto/tls"
"encoding/json"
@ -327,26 +326,20 @@ func publicHandler(w http.ResponseWriter, r *http.Request) {
return
}
func getPassword(dataDir string) (string, string, error) {
f, err := os.Open(filepath.Join(dataDir, "passwd"))
func adminMatch(username, password string) (bool, error) {
conf, err := group.GetConfiguration()
if err != nil {
return "", "", err
}
defer f.Close()
r := bufio.NewReader(f)
s, err := r.ReadString('\n')
if err != nil {
return "", "", err
return false, err
}
l := strings.SplitN(strings.TrimSpace(s), ":", 2)
if len(l) != 2 {
return "", "", errors.New("couldn't parse passwords")
for _, cred := range conf.Admin {
if cred.Username == "" || cred.Username == username {
if ok, _ := cred.Password.Match(password); ok {
return true, nil
}
}
}
return l[0], l[1], nil
return false, nil
}
func failAuthentication(w http.ResponseWriter, realm string) {
@ -356,15 +349,16 @@ func failAuthentication(w http.ResponseWriter, realm string) {
}
func statsHandler(w http.ResponseWriter, r *http.Request, dataDir string) {
u, p, err := getPassword(dataDir)
if err != nil {
log.Printf("Passwd: %v", err)
username, password, ok := r.BasicAuth()
if !ok {
failAuthentication(w, "stats")
return
}
username, password, ok := r.BasicAuth()
if !ok || username != u || password != p {
if ok, err := adminMatch(username, password); !ok {
if err != nil {
log.Printf("Administrator password: %v", err)
}
failAuthentication(w, "stats")
return
}
@ -377,7 +371,7 @@ func statsHandler(w http.ResponseWriter, r *http.Request, dataDir string) {
ss := stats.GetGroups()
e := json.NewEncoder(w)
err = e.Encode(ss)
err := e.Encode(ss)
if err != nil {
log.Printf("stats.json: %v", err)
}