mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-10 00:34:50 +00:00
Update ConfigCacheService, encrypt keys at rest
This commit is contained in:
parent
674e560f04
commit
3628b4625c
2 changed files with 35 additions and 6 deletions
|
@ -685,10 +685,10 @@ trait AdminSettingsController
|
||||||
if($captcha) {
|
if($captcha) {
|
||||||
$secret = $request->input('captcha_secret');
|
$secret = $request->input('captcha_secret');
|
||||||
$sitekey = $request->input('captcha_sitekey');
|
$sitekey = $request->input('captcha_sitekey');
|
||||||
if(config_cache('captcha.secret') !== $secret && strpos('*', $secret) === false) {
|
if(config_cache('captcha.secret') != $secret && strpos($secret, '*') === false) {
|
||||||
ConfigCacheService::put('captcha.secret', $secret);
|
ConfigCacheService::put('captcha.secret', $secret);
|
||||||
}
|
}
|
||||||
if(config_cache('captcha.sitekey') !== $sitekey && strpos('*', $sitekey) === false) {
|
if(config_cache('captcha.sitekey') != $sitekey && strpos($sitekey, '*') === false) {
|
||||||
ConfigCacheService::put('captcha.sitekey', $sitekey);
|
ConfigCacheService::put('captcha.sitekey', $sitekey);
|
||||||
}
|
}
|
||||||
ConfigCacheService::put('captcha.active.login', $request->boolean('captcha_on_login'));
|
ConfigCacheService::put('captcha.active.login', $request->boolean('captcha_on_login'));
|
||||||
|
|
|
@ -8,6 +8,14 @@ use Cache;
|
||||||
class ConfigCacheService
|
class ConfigCacheService
|
||||||
{
|
{
|
||||||
const CACHE_KEY = 'config_cache:_v0-key:';
|
const CACHE_KEY = 'config_cache:_v0-key:';
|
||||||
|
const PROTECTED_KEYS = [
|
||||||
|
'filesystems.disks.s3.key',
|
||||||
|
'filesystems.disks.s3.secret',
|
||||||
|
'filesystems.disks.spaces.key',
|
||||||
|
'filesystems.disks.spaces.secret',
|
||||||
|
'captcha.secret',
|
||||||
|
'captcha.sitekey',
|
||||||
|
];
|
||||||
|
|
||||||
public static function get($key)
|
public static function get($key)
|
||||||
{
|
{
|
||||||
|
@ -135,20 +143,34 @@ class ConfigCacheService
|
||||||
return config($key);
|
return config($key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$protect = false;
|
||||||
|
$protected = null;
|
||||||
|
if(in_array($key, self::PROTECTED_KEYS)) {
|
||||||
|
$protect = true;
|
||||||
|
}
|
||||||
|
|
||||||
$v = config($key);
|
$v = config($key);
|
||||||
$c = ConfigCacheModel::where('k', $key)->first();
|
$c = ConfigCacheModel::where('k', $key)->first();
|
||||||
|
|
||||||
if ($c) {
|
if ($c) {
|
||||||
|
if($protect) {
|
||||||
|
return decrypt($c->v) ?? config($key);
|
||||||
|
} else {
|
||||||
return $c->v ?? config($key);
|
return $c->v ?? config($key);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (! $v) {
|
if (! $v) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if($protect && $v) {
|
||||||
|
$protected = encrypt($v);
|
||||||
|
}
|
||||||
|
|
||||||
$cc = new ConfigCacheModel;
|
$cc = new ConfigCacheModel;
|
||||||
$cc->k = $key;
|
$cc->k = $key;
|
||||||
$cc->v = $v;
|
$cc->v = $protect ? $protected : $v;
|
||||||
$cc->save();
|
$cc->save();
|
||||||
|
|
||||||
return $v;
|
return $v;
|
||||||
|
@ -159,8 +181,15 @@ class ConfigCacheService
|
||||||
{
|
{
|
||||||
$exists = ConfigCacheModel::whereK($key)->first();
|
$exists = ConfigCacheModel::whereK($key)->first();
|
||||||
|
|
||||||
|
$protect = false;
|
||||||
|
$protected = null;
|
||||||
|
if(in_array($key, self::PROTECTED_KEYS)) {
|
||||||
|
$protect = true;
|
||||||
|
$protected = encrypt($val);
|
||||||
|
}
|
||||||
|
|
||||||
if ($exists) {
|
if ($exists) {
|
||||||
$exists->v = $val;
|
$exists->v = $protect ? $protected : $val;
|
||||||
$exists->save();
|
$exists->save();
|
||||||
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
||||||
|
|
||||||
|
@ -169,7 +198,7 @@ class ConfigCacheService
|
||||||
|
|
||||||
$cc = new ConfigCacheModel;
|
$cc = new ConfigCacheModel;
|
||||||
$cc->k = $key;
|
$cc->k = $key;
|
||||||
$cc->v = $val;
|
$cc->v = $protect ? $protected : $val;
|
||||||
$cc->save();
|
$cc->save();
|
||||||
|
|
||||||
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
Cache::put(self::CACHE_KEY.$key, $val, now()->addHours(12));
|
||||||
|
|
Loading…
Reference in a new issue