kopia lustrzana https://github.com/pixelfed/pixelfed
Update ConfigCacheService, encrypt keys at rest
Daniel Supernault
rodzic
674e560f04
commit
3628b4625c
|
|
@ -685,10 +685,10 @@ trait AdminSettingsController
|
|||
if($captcha) {
|
||||
$secret = $request->input('captcha_secret');
|
||||
$sitekey = $request->input('captcha_sitekey');
|
||||
if(config_cache('captcha.secret') !== $secret && strpos('*', $secret) === false) {
|
||||
if(config_cache('captcha.secret') != $secret && strpos($secret, '*') === false) {
|
||||
ConfigCacheService::put('captcha.secret', $secret);
|
||||
}
|
||||
if(config_cache('captcha.sitekey') !== $sitekey && strpos('*', $sitekey) === false) {
|
||||
if(config_cache('captcha.sitekey') != $sitekey && strpos($sitekey, '*') === false) {
|
||||
ConfigCacheService::put('captcha.sitekey', $sitekey);
|
||||
}
|
||||
ConfigCacheService::put('captcha.active.login', $request->boolean('captcha_on_login'));
|
||||
|
|
|
|||
|
|
@ -8,6 +8,14 @@ use Cache;
|
|||
class ConfigCacheService
|
||||
{
|
||||
const CACHE_KEY = 'config_cache:_v0-key:';
|
||||
const PROTECTED_KEYS = [
|
||||
'filesystems.disks.s3.key',
|
||||
'filesystems.disks.s3.secret',
|
||||
'filesystems.disks.spaces.key',
|
||||
'filesystems.disks.spaces.secret',
|
||||
'captcha.secret',
|
||||
'captcha.sitekey',
|
||||
];
|
||||
|
||||
public static function get($key)
|
||||
{
|
||||
|
|
@ -135,20 +143,34 @@ class ConfigCacheService
|
|||
return config($key);
|
||||
}
|
||||
|
||||
$protect = false;
|
||||
$protected = null;
|
||||
if(in_array($key, self::PROTECTED_KEYS)) {
|
||||
$protect = true;
|
||||
}
|
||||
|
||||
$v = config($key);
|
||||
$c = ConfigCacheModel::where('k', $key)->first();
|
||||
|
||||
if ($c) {
|
||||
return $c->v ?? config($key);
|
||||
if($protect) {
|
||||
return decrypt($c->v) ?? config($key);
|
||||
} else {
|
||||
return $c->v ?? config($key);
|
||||
}
|
||||
}
|
||||
|
||||
if (! $v) {
|
||||
return;
|
||||
}
|
||||
|
||||
if($protect && $v) {
|
||||
$protected = encrypt($v);
|
||||
}
|
||||
|
||||
$cc = new ConfigCacheModel;
|
||||
$cc->k = $key;
|
||||
$cc->v = $v;
|
||||
$cc->v = $protect ? $protected : $v;
|
||||
$cc->save();
|
||||
|
||||
return $v;
|
||||
|
|
@ -159,8 +181,15 @@ class ConfigCacheService
|
|||
{
|
||||
$exists = ConfigCacheModel::whereK($key)->first();
|
||||
|
||||
$protect = false;
|
||||
$protected = null;
|
||||
if(in_array($key, self::PROTECTED_KEYS)) {
|
||||
$protect = true;
|
||||
$protected = encrypt($val);
|
||||
}
|
||||
|
||||
if ($exists) {
|
||||
$exists->v = $val;
|
||||
$exists->v = $protect ? $protected : $val;
|
||||
$exists->save();
|
||||
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
||||
|
||||
|
|
@ -169,7 +198,7 @@ class ConfigCacheService
|
|||
|
||||
$cc = new ConfigCacheModel;
|
||||
$cc->k = $key;
|
||||
$cc->v = $val;
|
||||
$cc->v = $protect ? $protected : $val;
|
||||
$cc->save();
|
||||
|
||||
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue