From cd1fbe5d853c14e002dfd4563e9c0323636338bf Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Sat, 11 Oct 2014 20:33:06 -0700 Subject: [PATCH] ability to customize the session secret and expiration --- README.md | 4 ++ debian/drone/etc/drone/drone.toml | 8 ++-- plugin/deploy/cloudfoundry/cloudfoundry.go | 51 ++++++++++++++++++++++ server/session/session.go | 15 +++++-- 4 files changed, 71 insertions(+), 7 deletions(-) create mode 100644 plugin/deploy/cloudfoundry/cloudfoundry.go diff --git a/README.md b/README.md index 94c56d32..e2696ca0 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,10 @@ port="" key="" cert="" +[session] +secret="" +duration="" + [database] driver="" datasource="" diff --git a/debian/drone/etc/drone/drone.toml b/debian/drone/etc/drone/drone.toml index f7ab89a3..06d17a9e 100644 --- a/debian/drone/etc/drone/drone.toml +++ b/debian/drone/etc/drone/drone.toml @@ -3,16 +3,18 @@ port=":80" ##################################################################### -# SSL configuration for Drone. Provide you key and cert chain -# to server Drone over https. +# SSL configuration # # [server.ssl] # key="" # cert="" +# [session] +# secret="" +# duration="" ##################################################################### -# Database configuration for Drone, by default using SQLite3. +# Database configuration, by default using SQLite3. # You can also use postgres and mysql. See the documentation # for more details. diff --git a/plugin/deploy/cloudfoundry/cloudfoundry.go b/plugin/deploy/cloudfoundry/cloudfoundry.go new file mode 100644 index 00000000..73e5e040 --- /dev/null +++ b/plugin/deploy/cloudfoundry/cloudfoundry.go 
@@ -0,0 +1,51 @@
+package cloudfoundry
+
+import (
+ "fmt"
+ "github.com/drone/drone/plugin/condition"
+ "github.com/drone/drone/shared/build/buildfile"
+)
+
+type CloudFoundry struct {
+ Target string `yaml:"target,omitempty"`
+ Username string `yaml:"username,omitempty"`
+ Password string `yaml:"password,omitempty"`
+ Org string `yaml:"org,omitempty"`
+ Space string `yaml:"space,omitempty"`
+
+ App string `yaml:"app,omitempty"`
+
+ Condition *condition.Condition `yaml:"when,omitempty"`
+}
+
+func (cf *CloudFoundry) Write(f *buildfile.Buildfile) {
+ downloadCmd := "curl -sLO http://go-cli.s3-website-us-east-1.amazonaws.com/releases/latest/cf-cli_amd64.deb"
+ installCmd := "dpkg -i cf-cli_amd64.deb 1> /dev/null 2> /dev/null"
+
+ // download and install the cf tool
+ f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", downloadCmd, downloadCmd))
+ f.WriteCmdSilent(fmt.Sprintf("[ -f /usr/bin/sudo ] && sudo %s || %s", installCmd, installCmd))
+
+ // login
+ loginCmd := "cf login -a %s -u %s -p %s"
+
+ organization := cf.Org
+ if organization != "" {
+ loginCmd += fmt.Sprintf(" -o %s", organization)
+ }
+
+ space := cf.Space
+ if space != "" {
+ loginCmd += fmt.Sprintf(" -s %s", space)
+ }
+
+ f.WriteCmdSilent(fmt.Sprintf(loginCmd, cf.Target, cf.Username, cf.Password))
+
+ // push app
+ pushCmd := "cf push %s"
+ f.WriteCmd(fmt.Sprintf(pushCmd, cf.App))
+}
+
+func (cf *CloudFoundry) GetCondition() *condition.Condition {
+ return cf.Condition
+}
diff --git a/server/session/session.go b/server/session/session.go
index 924b0d69..9330ab0d 100644
--- a/server/session/session.go
+++ b/server/session/session.go
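Review bot: The `downloadCmd` in `Write` fetches `cf-cli_amd64.deb` over plain `http://` from a `latest` path, and the next command installs it with `dpkg -i` (through sudo when present), so nothing authenticates the package before it is installed with elevated privileges in the build. Pin a specific release, fetch it over HTTPS, and check a known digest between the two commands, for example `echo "<PINNED_SHA256>  cf-cli_amd64.deb" | sha256sum -c -`. The login line interpolates `cf.Target`, `cf.Username`, `cf.Password`, `cf.Org` and `cf.Space` unquoted, so a value containing spaces or shell metacharacters changes the command that runs; shell-quote each value before formatting, and the same applies to `cf.App` in `pushCmd`. Because `-o`/`-s` are appended to `loginCmd` before it is used as the format string, a `%` in the org or space is parsed as a verb; pass them as additional `%s` arguments instead.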
@@ -7,14 +7,21 @@ import ( "code.google.com/p/go.net/context" "github.com/dgrijalva/jwt-go" + "github.com/drone/config" "github.com/drone/drone/server/datastore" "github.com/drone/drone/shared/httputil" "github.com/drone/drone/shared/model" "github.com/gorilla/securecookie" ) -// secret key used to create jwt -var secret = securecookie.GenerateRandomKey(32) +// random key used to create jwt if none +// provided in the configuration. +var random = securecookie.GenerateRandomKey(32) + +var ( + secret = config.String("session-secret", string(random)) + expires = config.Duration("session-expires", time.Hour*72) +) // GetUser gets the currently authenticated user for the // http.Request. The user details will be stored as either @@ -38,7 +45,7 @@ func GenerateToken(c context.Context, r *http.Request, user *model.User) (string token.Claims["user_id"] = user.ID token.Claims["audience"] = httputil.GetURL(r) token.Claims["expires"] = time.Now().UTC().Add(time.Hour * 72).Unix() - return token.SignedString(secret) + return token.SignedString([]byte(*secret)) } // getUserToken gets the currently authenticated user for the given @@ -56,7 +63,7 @@ func getUserBearer(c context.Context, r *http.Request) *model.User { fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr) var token, err = jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) { - return secret, nil + return []byte(*secret), nil }) if err != nil || !token.Valid { println("invalid token")
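Review bot: Nothing in the first session.go hunk checks the configured `session-secret` before it becomes the HMAC key via `[]byte(*secret)`, and both the README and the packaged drone.toml show the setting as `secret=""`. Whether `config.String` falls back to the random default for an empty value is not visible here; if it does not, copying the sample verbatim signs every token with an empty key. Reject empty or short values once configuration has been parsed (that code is outside this diff), along the lines of `if len(*secret) < 32 { log.Fatal("session secret must be at least 32 bytes") }`. The comment on `random` could also say that without a configured secret, issued tokens stop validating after a restart.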
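Review bot: The new `expires` setting is never read: in the second session.go hunk `GenerateToken` still computes the claim with the hard-coded `time.Hour * 72`, so the expiration half of this commit has no effect on issued tokens. Change that context line to `token.Claims["expires"] = time.Now().UTC().Add(*expires).Unix()`. The key is registered as `session-expires` while the README and drone.toml document `duration=""` under `[session]`; this looks like a name mismatch, but confirm against how drone/config maps TOML keys. `GenerateToken` starts outside the hunk, so any validation of a zero or negative duration would need to be checked there or at config load.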