move minimum key sizes to config
This moves the minimum key sizes into the config file, so that anyone can modify the restrictions.
parent
31b375782b
commit
b90b0c1191
10
conf/app.ini
10
conf/app.ini
@ -116,6 +116,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
|
|||||||
; Enable captcha validation for registration
|
; Enable captcha validation for registration
|
||||||
ENABLE_CAPTCHA = true
|
ENABLE_CAPTCHA = true
|
||||||
|
|
||||||
|
; used to filter keys which are too short
|
||||||
|
[service.minimum_key_sizes]
|
||||||
|
ED25519 = 256
|
||||||
|
ECDSA = 256
|
||||||
|
NTRU = 1087
|
||||||
|
MCE = 1702
|
||||||
|
McE = 1702
|
||||||
|
RSA = 1024
|
||||||
|
DSA = 1024
|
||||||
|
|
||||||
[webhook]
|
[webhook]
|
||||||
; Hook task queue length
|
; Hook task queue length
|
||||||
QUEUE_LENGTH = 1000
|
QUEUE_LENGTH = 1000
|
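Review bot: The shipped default `RSA = 1024` in `[service.minimum_key_sizes]` carries over a floor below the 2048 bits that current guidance (for example NIST SP 800-131A) treats as the minimum for RSA; moving the value into config is a good moment to ship `RSA = 2048`. The section comment should also state that the values are in bits and that, per the lookup in CheckPublicKeyString, a key type missing from this section or set to 0 is rejected as unrecognized, e.g. `; minimum accepted size in bits per key type; types not listed here are rejected`. Since lowering a value here weakens SSH authentication for every account on the instance, the comment is also the place to say that.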
||||||
|
@ -117,16 +117,6 @@ func (key *PublicKey) GetAuthorizedString() string {
|
|||||||
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
|
return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
|
||||||
}
|
}
|
||||||
|
|
||||||
var minimumKeySizes = map[string]int{
|
|
||||||
"(ED25519)": 256,
|
|
||||||
"(ECDSA)": 256,
|
|
||||||
"(NTRU)": 1087,
|
|
||||||
"(MCE)": 1702,
|
|
||||||
"(McE)": 1702,
|
|
||||||
"(RSA)": 1024,
|
|
||||||
"(DSA)": 1024,
|
|
||||||
}
|
|
||||||
|
|
||||||
func extractTypeFromBase64Key(key string) (string, error) {
|
func extractTypeFromBase64Key(key string) (string, error) {
|
||||||
b, err := base64.StdEncoding.DecodeString(key)
|
b, err := base64.StdEncoding.DecodeString(key)
|
||||||
if err != nil || len(b) < 4 {
|
if err != nil || len(b) < 4 {
|
||||||
@ -251,8 +241,8 @@ func CheckPublicKeyString(content string) (_ string, err error) {
|
|||||||
if keySize == 0 {
|
if keySize == 0 {
|
||||||
return "", errors.New("cannot get key size of the given key")
|
return "", errors.New("cannot get key size of the given key")
|
||||||
}
|
}
|
||||||
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()")
|
||||||
if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
|
if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
|
||||||
return "", errors.New("sorry, unrecognized public key type")
|
return "", errors.New("sorry, unrecognized public key type")
|
||||||
} else if keySize < minimumKeySize {
|
} else if keySize < minimumKeySize {
|
||||||
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
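Review bot: `strings.Trim(..., " ()")` in CheckPublicKeyString no longer strips newlines or tabs the way the replaced `strings.TrimSpace` did. If the last ssh-keygen field still ends in `\n` (the splitting happens outside this hunk, so this is inferred), the right-hand trim stops at the newline and the key type becomes `RSA)\n`, which never matches a config key, so the upload is rejected with "sorry, unrecognized public key type". Use `keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()\n")`, or trim whitespace first and the parentheses second. The function body starts and ends outside the hunk.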
||||||
|
@ -434,6 +434,7 @@ var Service struct {
|
|||||||
EnableReverseProxyAuth bool
|
EnableReverseProxyAuth bool
|
||||||
EnableReverseProxyAutoRegister bool
|
EnableReverseProxyAutoRegister bool
|
||||||
DisableMinimumKeySizeCheck bool
|
DisableMinimumKeySizeCheck bool
|
||||||
|
MinimumKeySizes map[string]int
|
||||||
EnableCaptcha bool
|
EnableCaptcha bool
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -449,6 +450,11 @@ func newService() {
|
|||||||
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
||||||
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
|
Service.DisableMinimumKeySizeCheck = sec.Key("DISABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
|
||||||
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
|
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
|
||||||
|
|
||||||
|
minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
|
||||||
|
for _, key := range minimumKeySizes {
|
||||||
|
Service.MinimumKeySizes[key.Name()] = key.MustInt()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var logLevels = map[string]string{
|
var logLevels = map[string]string{
|
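Review bot: `Service.MinimumKeySizes[key.Name()] = key.MustInt()` in newService writes to a map that neither hunk initializes. The field is declared as `MinimumKeySizes map[string]int` inside `var Service struct`, so unless it is allocated elsewhere the first assignment panics at startup with a nil-map write. Add `Service.MinimumKeySizes = make(map[string]int)` before the loop. `MustInt()` also yields 0 for a value that does not parse, which CheckPublicKeyString then reports as an unrecognized key type; logging or rejecting non-positive values here would make a config typo visible instead of silently blocking that key type.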
||||||
|