mirror of
https://github.com/octoleo/syncthing.git
synced 2024-12-22 19:08:58 +00:00
77970d5113
At a high level, this is what I've done and why: - I'm moving the protobuf generation for the `protocol`, `discovery` and `db` packages to the modern alternatives, and using `buf` to generate because it's nice and simple. - After trying various approaches on how to integrate the new types with the existing code, I opted for splitting off our own data model types from the on-the-wire generated types. This means we can have a `FileInfo` type with nicer ergonomics and lots of methods, while the protobuf generated type stays clean and close to the wire protocol. It does mean copying between the two when required, which certainly adds a small amount of inefficiency. If we want to walk this back in the future and use the raw generated type throughout, that's possible, this however makes the refactor smaller (!) as it doesn't change everything about the type for everyone at the same time. - I have simply removed in cold blood a significant number of old database migrations. These depended on previous generations of generated messages of various kinds and were annoying to support in the new fashion. The oldest supported database version now is the one from Syncthing 1.9.0 from Sep 7, 2020. - I changed config structs to be regular manually defined structs. For the sake of discussion, some things I tried that turned out not to work... ### Embedding / wrapping Embedding the protobuf generated structs in our existing types as a data container and keeping our methods and stuff: ``` package protocol type FileInfo struct { *generated.FileInfo } ``` This generates a lot of problems because the internal shape of the generated struct is quite different (different names, different types, more pointers), because initializing it doesn't work like you'd expect (i.e., you end up with an embedded nil pointer and a panic), and because the types of child types don't get wrapped. That is, even if we also have a similar wrapper around a `Vector`, that's not the type you get when accessing `someFileInfo.Version`, you get the `*generated.Vector` that doesn't have methods, etc. ### Aliasing ``` package protocol type FileInfo = generated.FileInfo ``` Doesn't help because you can't attach methods to it, plus all the above. ### Generating the types into the target package like we do now and attaching methods This fails because of the different shape of the generated type (as in the embedding case above) plus the generated struct already has a bunch of methods that we can't necessarily override properly (like `String()` and a bunch of getters). ### Methods to functions I considered just moving all the methods we attach to functions in a specific package, so that for example ``` package protocol func (f FileInfo) Equal(other FileInfo) bool ``` would become ``` package fileinfos func Equal(a, b *generated.FileInfo) bool ``` and this would mostly work, but becomes quite verbose and cumbersome, and somewhat limits discoverability (you can't see what methods are available on the type in auto completions, etc). In the end I did this in some cases, like in the database layer where a lot of things like `func (fv *FileVersion) IsEmpty() bool` becomes `func fvIsEmpty(fv *generated.FileVersion)` because they were anyway just internal methods. Fixes #8247
184 lines
5.3 KiB
Go
184 lines
5.3 KiB
Go
// Copyright (C) 2014 The Syncthing Authors.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
package config
|
|
|
|
import (
|
|
"net/url"
|
|
"os"
|
|
"regexp"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
"github.com/syncthing/syncthing/lib/rand"
|
|
)
|
|
|
|
type GUIConfiguration struct {
|
|
Enabled bool `json:"enabled" xml:"enabled,attr" default:"true"`
|
|
RawAddress string `json:"address" xml:"address" default:"127.0.0.1:8384"`
|
|
RawUnixSocketPermissions string `json:"unixSocketPermissions" xml:"unixSocketPermissions,omitempty"`
|
|
User string `json:"user" xml:"user,omitempty"`
|
|
Password string `json:"password" xml:"password,omitempty"`
|
|
AuthMode AuthMode `json:"authMode" xml:"authMode,omitempty"`
|
|
RawUseTLS bool `json:"useTLS" xml:"tls,attr"`
|
|
APIKey string `json:"apiKey" xml:"apikey,omitempty"`
|
|
InsecureAdminAccess bool `json:"insecureAdminAccess" xml:"insecureAdminAccess,omitempty"`
|
|
Theme string `json:"theme" xml:"theme" default:"default"`
|
|
Debugging bool `json:"debugging" xml:"debugging,attr"`
|
|
InsecureSkipHostCheck bool `json:"insecureSkipHostcheck" xml:"insecureSkipHostcheck,omitempty"`
|
|
InsecureAllowFrameLoading bool `json:"insecureAllowFrameLoading" xml:"insecureAllowFrameLoading,omitempty"`
|
|
SendBasicAuthPrompt bool `json:"sendBasicAuthPrompt" xml:"sendBasicAuthPrompt,attr"`
|
|
}
|
|
|
|
func (c GUIConfiguration) IsAuthEnabled() bool {
|
|
// This function should match isAuthEnabled() in syncthingController.js
|
|
return c.AuthMode == AuthModeLDAP || (len(c.User) > 0 && len(c.Password) > 0)
|
|
}
|
|
|
|
func (GUIConfiguration) IsOverridden() bool {
|
|
return os.Getenv("STGUIADDRESS") != ""
|
|
}
|
|
|
|
func (c GUIConfiguration) Address() string {
|
|
if override := os.Getenv("STGUIADDRESS"); override != "" {
|
|
// This value may be of the form "scheme://address:port" or just
|
|
// "address:port". We need to chop off the scheme. We try to parse it as
|
|
// an URL if it contains a slash. If that fails, return it as is and let
|
|
// some other error handling handle it.
|
|
|
|
if strings.Contains(override, "/") {
|
|
url, err := url.Parse(override)
|
|
if err != nil {
|
|
return override
|
|
}
|
|
if strings.HasPrefix(url.Scheme, "unix") {
|
|
return url.Path
|
|
}
|
|
return url.Host
|
|
}
|
|
|
|
return override
|
|
}
|
|
|
|
return c.RawAddress
|
|
}
|
|
|
|
func (c GUIConfiguration) UnixSocketPermissions() os.FileMode {
|
|
perm, err := strconv.ParseUint(c.RawUnixSocketPermissions, 8, 32)
|
|
if err != nil {
|
|
// ignore incorrectly formatted permissions
|
|
return 0
|
|
}
|
|
return os.FileMode(perm) & os.ModePerm
|
|
}
|
|
|
|
func (c GUIConfiguration) Network() string {
|
|
if override := os.Getenv("STGUIADDRESS"); override != "" {
|
|
url, err := url.Parse(override)
|
|
if err == nil && strings.HasPrefix(url.Scheme, "unix") {
|
|
return "unix"
|
|
}
|
|
return "tcp"
|
|
}
|
|
if strings.HasPrefix(c.RawAddress, "/") {
|
|
return "unix"
|
|
}
|
|
return "tcp"
|
|
}
|
|
|
|
func (c GUIConfiguration) UseTLS() bool {
|
|
if override := os.Getenv("STGUIADDRESS"); override != "" {
|
|
return strings.HasPrefix(override, "https:") || strings.HasPrefix(override, "unixs:")
|
|
}
|
|
return c.RawUseTLS
|
|
}
|
|
|
|
func (c GUIConfiguration) URL() string {
|
|
if c.Network() == "unix" {
|
|
if c.UseTLS() {
|
|
return "unixs://" + c.Address()
|
|
}
|
|
return "unix://" + c.Address()
|
|
}
|
|
|
|
u := url.URL{
|
|
Scheme: "http",
|
|
Host: c.Address(),
|
|
Path: "/",
|
|
}
|
|
|
|
if c.UseTLS() {
|
|
u.Scheme = "https"
|
|
}
|
|
|
|
if strings.HasPrefix(u.Host, ":") {
|
|
// Empty host, i.e. ":port", use IPv4 localhost
|
|
u.Host = "127.0.0.1" + u.Host
|
|
} else if strings.HasPrefix(u.Host, "0.0.0.0:") {
|
|
// IPv4 all zeroes host, convert to IPv4 localhost
|
|
u.Host = "127.0.0.1" + u.Host[7:]
|
|
} else if strings.HasPrefix(u.Host, "[::]:") {
|
|
// IPv6 all zeroes host, convert to IPv6 localhost
|
|
u.Host = "[::1]" + u.Host[4:]
|
|
}
|
|
|
|
return u.String()
|
|
}
|
|
|
|
// matches a bcrypt hash and not too much else
|
|
var bcryptExpr = regexp.MustCompile(`^\$2[aby]\$\d+\$.{50,}`)
|
|
|
|
// SetPassword takes a bcrypt hash or a plaintext password and stores it.
|
|
// Plaintext passwords are hashed. Returns an error if the password is not
|
|
// valid.
|
|
func (c *GUIConfiguration) SetPassword(password string) error {
|
|
if bcryptExpr.MatchString(password) {
|
|
// Already hashed
|
|
c.Password = password
|
|
return nil
|
|
}
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
c.Password = string(hash)
|
|
return nil
|
|
}
|
|
|
|
// CompareHashedPassword returns nil when the given plaintext password matches the stored hash.
|
|
func (c GUIConfiguration) CompareHashedPassword(password string) error {
|
|
configPasswordBytes := []byte(c.Password)
|
|
passwordBytes := []byte(password)
|
|
return bcrypt.CompareHashAndPassword(configPasswordBytes, passwordBytes)
|
|
}
|
|
|
|
// IsValidAPIKey returns true when the given API key is valid, including both
|
|
// the value in config and any overrides
|
|
func (c GUIConfiguration) IsValidAPIKey(apiKey string) bool {
|
|
switch apiKey {
|
|
case "":
|
|
return false
|
|
|
|
case c.APIKey, os.Getenv("STGUIAPIKEY"):
|
|
return true
|
|
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (c *GUIConfiguration) prepare() {
|
|
if c.APIKey == "" {
|
|
c.APIKey = rand.String(32)
|
|
}
|
|
}
|
|
|
|
func (c GUIConfiguration) Copy() GUIConfiguration {
|
|
return c
|
|
}
|