Fix security issues with cache by proxying access (#503)
This is the forgejo-runner-side patch for a partial overhaul of the cache system to fix some access control issues with caches. This code depends on changes in act which are being reviewed here: forgejo/act#107 Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/502 Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/503 Reviewed-by: Gusted <gusted@noreply.code.forgejo.org> Co-authored-by: Kwonunn <kwonunnx@gmail.com> Co-committed-by: Kwonunn <kwonunnx@gmail.com>
parent
e5e28d16a5
commit
46eb63a952
8 changed files with 139 additions and 38 deletions
|
@ -17,9 +17,10 @@ import (
|
|||
)
|
||||
|
||||
type cacheServerArgs struct {
|
||||
Dir string
|
||||
Host string
|
||||
Port uint16
|
||||
Dir string
|
||||
Host string
|
||||
Port uint16
|
||||
Secret string
|
||||
}
|
||||
|
||||
func runCacheServer(ctx context.Context, configFile *string, cacheArgs *cacheServerArgs) func(cmd *cobra.Command, args []string) error {
|
||||
|
@ -32,9 +33,10 @@ func runCacheServer(ctx context.Context, configFile *string, cacheArgs *cacheSer
|
|||
initLogging(cfg)
|
||||
|
||||
var (
|
||||
dir = cfg.Cache.Dir
|
||||
host = cfg.Cache.Host
|
||||
port = cfg.Cache.Port
|
||||
dir = cfg.Cache.Dir
|
||||
host = cfg.Cache.Host
|
||||
port = cfg.Cache.Port
|
||||
secret = cfg.Cache.Secret
|
||||
)
|
||||
|
||||
// cacheArgs has higher priority
|
||||
|
@ -47,11 +49,21 @@ func runCacheServer(ctx context.Context, configFile *string, cacheArgs *cacheSer
|
|||
if cacheArgs.Port != 0 {
|
||||
port = cacheArgs.Port
|
||||
}
|
||||
if cacheArgs.Secret != "" {
|
||||
secret = cacheArgs.Secret
|
||||
}
|
||||
|
||||
if secret == "" {
|
||||
// no cache secret was specified, panic
|
||||
log.Error("no cache secret was specified, exiting.")
|
||||
return nil
|
||||
}
|
||||
|
||||
cacheHandler, err := artifactcache.StartHandler(
|
||||
dir,
|
||||
host,
|
||||
port,
|
||||
secret,
|
||||
log.StandardLogger().WithField("module", "cache_request"),
|
||||
)
|
||||
if err != nil {
|
||||
|
|
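Review bot: In the third hunk the `if secret == ""` branch logs an error and then does `return nil`, so the cache-server command reports success to its caller even though it refused to start, and a supervisor or script checking the exit status cannot tell that no cache server is running. Refusing to run without a secret is the right fail-closed behaviour, but it should surface as a returned error, e.g. `return errors.New("no cache secret was specified")` (the import block is only partly visible here, so confirm `errors` or `fmt` is in scope). The comment `// no cache secret was specified, panic` does not match the code, which does not panic; `// refuse to start the cache server without a secret` would be accurate. If `cacheArgs.Secret` is populated from a command-line flag, which this page does not show, the value would be readable in process listings, so the flag's help text should steer users to the config file. The enclosing closure in `runCacheServer` starts and ends outside the visible hunks.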