Avoid polluting the config (#25345) (#25354)

Backport #25345 by @wxiaoguang

Caught by #25330

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
Giteabot 2023-06-18 16:56:50 -04:00 committed by GitHub
parent e0bd6ebabd
commit e9fab3ea3e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 13 deletions

View file

@ -30,7 +30,7 @@ func loadMirrorFrom(rootCfg ConfigProvider) {
// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version // DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version
// if these are removed, the warning will not be shown // if these are removed, the warning will not be shown
deprecatedSetting(rootCfg, "repository", "DISABLE_MIRRORS", "mirror", "ENABLED", "v1.19.0") deprecatedSetting(rootCfg, "repository", "DISABLE_MIRRORS", "mirror", "ENABLED", "v1.19.0")
if rootCfg.Section("repository").Key("DISABLE_MIRRORS").MustBool(false) { if ConfigSectionKeyBool(rootCfg.Section("repository"), "DISABLE_MIRRORS") {
Mirror.DisableNewPull = true Mirror.DisableNewPull = true
} }

View file

@ -120,18 +120,20 @@ func loadOAuth2From(rootCfg ConfigProvider) {
OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile) OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
} }
key := make([]byte, 32) if InstallLock {
n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64)) key := make([]byte, 32)
if err != nil || n != 32 { n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64))
key, err = generate.NewJwtSecret() if err != nil || n != 32 {
if err != nil { key, err = generate.NewJwtSecret()
log.Fatal("error generating JWT secret: %v", err) if err != nil {
} log.Fatal("error generating JWT secret: %v", err)
}
secretBase64 := base64.RawURLEncoding.EncodeToString(key) secretBase64 := base64.RawURLEncoding.EncodeToString(key)
rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64) rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
if err := rootCfg.Save(); err != nil { if err := rootCfg.Save(); err != nil {
log.Fatal("save oauth2.JWT_SECRET failed: %v", err) log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
}
} }
} }
} }

View file

@ -262,7 +262,7 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
RunUser = rootSec.Key("RUN_USER").MustString(user.CurrentUsername()) RunUser = rootSec.Key("RUN_USER").MustString(user.CurrentUsername())
// The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches. // The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches.
// Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly. // Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
unsafeAllowRunAsRoot := rootSec.Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false) unsafeAllowRunAsRoot := ConfigSectionKeyBool(rootSec, "I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")
RunMode = os.Getenv("GITEA_RUN_MODE") RunMode = os.Getenv("GITEA_RUN_MODE")
if RunMode == "" { if RunMode == "" {
RunMode = rootSec.Key("RUN_MODE").MustString("prod") RunMode = rootSec.Key("RUN_MODE").MustString("prod")