From 2a986b38e6f93ca60e5cf08bafc94357cc74415d Mon Sep 17 00:00:00 2001
From: Emmanuel Averty
Date: Tue, 8 Aug 2023 22:54:06 +0200
Subject: [PATCH] fix: add oauth jwt token

---
 conf/app.ini | 90 +++++++++++++++++++++++++------------------------
 scripts/install | 2 ++
 scripts/upgrade | 6 ++++
 3 files changed, 54 insertions(+), 44 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index cda177d..615f467 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -5,51 +5,51 @@ RUN_MODE = prod
 WORK_PATH = __INSTALL_DIR__

 [database]
-DB_TYPE = postgres
-HOST = 127.0.0.1:5432
-NAME = __DB_NAME__
-USER = __DB_USER__
-PASSWD = __DB_PWD__
+DB_TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = __DB_NAME__
+USER = __DB_USER__
+PASSWD = __DB_PWD__
 SSL_MODE = disable
-LOG_SQL = false
+LOG_SQL = false

 [repository]
-ROOT = __DATA_DIR__/repositories
+ROOT = __DATA_DIR__/repositories
 FORCE_PRIVATE = false

 [server]
-DOMAIN = __DOMAIN__
-HTTP_PORT = __PORT__
-HTTP_ADDR = 127.0.0.1
-ROOT_URL = https://__DOMAIN____PATH__
-DISABLE_SSH = false
-SSH_PORT = __SSH_PORT__
-OFFLINE_MODE = false
-APP_DATA_PATH = __DATA_DIR__/data
-LANDING_PAGE = explore
+DOMAIN = __DOMAIN__
+HTTP_PORT = __PORT__
+HTTP_ADDR = 127.0.0.1
+ROOT_URL = https://__DOMAIN____PATH__
+DISABLE_SSH = false
+SSH_PORT = __SSH_PORT__
+OFFLINE_MODE = false
+APP_DATA_PATH = __DATA_DIR__/data
+LANDING_PAGE = explore
 LFS_START_SERVER = true
-LFS_JWT_SECRET = __LFS_JWT_SECRET__
-LOCAL_ROOT_URL = http://127.0.0.1:__PORT__/
+LFS_JWT_SECRET = __LFS_JWT_SECRET__
+LOCAL_ROOT_URL = http://127.0.0.1:__PORT__/

 [mailer]
-ENABLED = true
-SMTP_ADDR = localhost
-SMTP_PORT = 25
-FROM = "Forgejo"
+ENABLED = true
+SMTP_ADDR = localhost
+SMTP_PORT = 25
+FROM = "Forgejo"
 FORCE_TRUST_SERVER_CERT = true

 [service]
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = true
-DISABLE_REGISTRATION = true
-ENABLE_CAPTCHA = false
-REQUIRE_SIGNIN_VIEW = false
-ENABLE_REVERSE_PROXY_AUTHENTICATION = true
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = true
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+ENABLE_REVERSE_PROXY_AUTHENTICATION = true
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
-ENABLE_REVERSE_PROXY_EMAIL = true
+ENABLE_REVERSE_PROXY_EMAIL = true

 [picture]
-AVATAR_UPLOAD_PATH = __DATA_DIR__/data/avatars
+AVATAR_UPLOAD_PATH = __DATA_DIR__/data/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = __DATA_DIR__/data/repo-avatars

 [attachment]
@@ -59,29 +59,31 @@ PATH = __DATA_DIR__/attachments
 PROVIDER = memory

 [log]
-MODE = file
-LEVEL = Info
-ROOT_PATH = /var/log/__APP__
-
-logger.access.MODE =
-logger.router.MODE = router
-logger.xorm.MODE = xorm
+MODE = file
+LEVEL = Info
+ROOT_PATH = /var/log/__APP__
+logger.access.MODE =
+logger.router.MODE = router
+logger.xorm.MODE = xorm

 [log.file]
 FILE_NAME = forgejo.log

 [log.router]
 FILE_NAME = router.log
-LEVEL = Warn
+LEVEL = Warn

 [log.xorm]
 FILE_NAME = xorm.log
-LEVEL = Warn
+LEVEL = Warn

 [security]
-INSTALL_LOCK = true
-SECRET_KEY = __SECRET_KEY__
-REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER
+INSTALL_LOCK = true
+SECRET_KEY = __SECRET_KEY__
+REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER
 REVERSE_PROXY_AUTHENTICATION_EMAIL = EMAIL
-REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
-INTERNAL_TOKEN = __INTERNAL_TOKEN__
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
+INTERNAL_TOKEN = __INTERNAL_TOKEN__
+
+[oauth2]
+JWT_SECRET = __OAUTH2_JWT_SECRET__
diff --git a/scripts/install b/scripts/install
index e687306..4441ee9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -29,9 +29,11 @@ chown -R $app:$app "$install_dir/custom"
 secret_key=$($install_dir/forgejo generate secret SECRET_KEY)
 lfs_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET)
 internal_token=$($install_dir/forgejo generate secret INTERNAL_TOKEN)
+oauth2_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET)
 ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
 ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret
 ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
+ynh_app_setting_set --app=$app --key=oauth2_jwt_secret --value=$oauth2_jwt_secret

 #=================================================
 # ADD A CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 5d1fe0e..dbada2c 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
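Review bot: The new `[oauth2]` section at the end of this hunk adds `JWT_SECRET` with no comment saying where its value comes from or that it has to stay the same across upgrades. I would put `; Filled from the oauth2_jwt_secret app setting, generated once at install or upgrade; rotating it is expected to invalidate tokens signed with it` on the line above the key. With this key the template carries four long-lived secrets (`SECRET_KEY`, `LFS_JWT_SECRET`, `INTERNAL_TOKEN`, `JWT_SECRET`). The step that renders the file and sets its owner and mode is not part of this patch, so it is worth confirming that the rendered app.ini is readable only by the app user.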
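Review bot: The value captured by the added `oauth2_jwt_secret=$(...)` line is stored without checking that `forgejo generate secret` produced any output, so a failed or empty run would put an empty `JWT_SECRET` into the rendered app.ini. Whether the script runs with errexit is not visible in this hunk. A guard between the two added lines, such as `[ -n "$oauth2_jwt_secret" ] || ynh_die --message="could not generate oauth2_jwt_secret"`, would make that failure explicit. The same applies to the generation inside the new `if` block in scripts/upgrade. The script continues before and after this hunk.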
@@ -80,6 +80,12 @@ if [ -z ${internal_token:-} ]; then
 ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
 fi

+# If oauth2_jwt_secret doesn't exist, create it
+if [ -z ${oauth2_jwt_secret:-} ]; then
+ oauth2_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET)
+ ynh_app_setting_set --app=$app --key=oauth2_jwt_secret --value=$oauth2_jwt_secret
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
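Review bot: The added test `[ -z ${oauth2_jwt_secret:-} ]` leaves the expansion unquoted, so for an empty value it collapses to `[ -z ]`, which is true only because a one-argument test checks that the string `-z` is non-empty. Quoting it states the intent: `if [ -z "${oauth2_jwt_secret:-}" ]; then`. The `internal_token` test shown in the hunk header has the same form. How `oauth2_jwt_secret` is loaded from the app settings before this test is outside the hunk. If it is not loaded, this block would generate and store a new secret on every upgrade, so that is worth confirming.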