Browse Source

Merge pull request #1871 from Gibheer/config_minimum_key_sizes

move minimum key sizes to config
tags/v1.0.2
无闻 9 years ago
parent
commit
50058b3c6d
  1. 10
      conf/app.ini
  2. 14
      models/publickey.go
  3. 6
      modules/setting/setting.go

10
conf/app.ini

@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
; used to filter keys which are too short
[service.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
NTRU = 1087
MCE = 1702
McE = 1702
RSA = 1024
DSA = 1024
[webhook]
; Hook task queue length
QUEUE_LENGTH = 1000

14
models/publickey.go

@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string {
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
}
var minimumKeySizes = map[string]int{
"(ED25519)": 256,
"(ECDSA)": 256,
"(NTRU)": 1087,
"(MCE)": 1702,
"(McE)": 1702,
"(RSA)": 1024,
"(DSA)": 1024,
}
func extractTypeFromBase64Key(key string) (string, error) {
b, err := base64.StdEncoding.DecodeString(key)
if err != nil || len(b) < 4 {
@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
if keySize == 0 {
return "", errors.New("cannot get key size of the given key")
}
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
return "", errors.New("sorry, unrecognized public key type")
} else if keySize < minimumKeySize {
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)

6
modules/setting/setting.go

@ -435,6 +435,7 @@ var Service struct {
EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool
DisableMinimumKeySizeCheck bool
MinimumKeySizes map[string]int
EnableCaptcha bool
}
@ -450,6 +451,11 @@ func newService() {
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
for _, key := range minimumKeySizes {
Service.MinimumKeySizes[key.Name()] = key.MustInt()
}
}
var logLevels = map[string]string{

Loading…
Cancel
Save