Security: Refactor certs path config #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
parent
fc58c4a875
commit
265fdd0dd3
6 changed files with 24 additions and 23 deletions
|
@ -125,10 +125,10 @@ func (c *Config) CreateDirectories() error {
|
|||
return createError(c.ConfigPath(), err)
|
||||
}
|
||||
|
||||
if c.CertsConfigPath() == "" {
|
||||
return notFoundError("certs config")
|
||||
} else if err := os.MkdirAll(c.CertsConfigPath(), os.ModePerm); err != nil {
|
||||
return createError(c.CertsConfigPath(), err)
|
||||
if c.CertsPath() == "" {
|
||||
return notFoundError("certs")
|
||||
} else if err := os.MkdirAll(c.CertsPath(), os.ModePerm); err != nil {
|
||||
return createError(c.CertsPath(), err)
|
||||
}
|
||||
|
||||
if c.TempPath() == "" {
|
||||
|
@ -193,11 +193,6 @@ func (c *Config) ConfigPath() string {
|
|||
return fs.Abs(c.options.ConfigPath)
|
||||
}
|
||||
|
||||
// CertsConfigPath returns the certificate config path
|
||||
func (c *Config) CertsConfigPath() string {
|
||||
return filepath.Join(c.ConfigPath(), "certs")
|
||||
}
|
||||
|
||||
// OptionsYaml returns the config options YAML filename.
|
||||
func (c *Config) OptionsYaml() string {
|
||||
return filepath.Join(c.ConfigPath(), "options.yml")
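Review bot: The renamed call in CreateDirectories still creates the certificate directory with `os.ModePerm`, so the directory that CertsPath documents as holding TLS certificates and keys is as permissive as the process umask allows. Since the commit already rewrites that line, a restrictive mode would fit better: `} else if err := os.MkdirAll(c.CertsPath(), 0o700); err != nil {`. MkdirAll does not change the mode of a directory that already exists, so upgraded installs keep their current mode. Whether another process needs group access to this directory is not visible here. CreateDirectories starts and ends outside the hunk.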
|
||||
|
|
|
@ -88,15 +88,6 @@ func TestConfig_TempPath(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestConfig_CertsConfigPath(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
if dir := c.CertsConfigPath(); dir == "" {
|
||||
t.Fatal("cert config path is empty")
|
||||
} else if !strings.HasPrefix(dir, c.ConfigPath()) {
|
||||
t.Fatalf("unexpected cert config path: %s", dir)
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfig_CmdCachePath(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
if dir := c.CmdCachePath(); dir == "" {
|
||||
|
|
|
@ -7,6 +7,11 @@ import (
|
|||
"github.com/photoprism/photoprism/pkg/fs"
|
||||
)
|
||||
|
||||
// CertsPath returns the path to the TLS certificates and keys.
|
||||
func (c *Config) CertsPath() string {
|
||||
return filepath.Join(c.ConfigPath(), "certs")
|
||||
}
|
||||
|
||||
// AutoTLS returns the email address for enabling automatic HTTPS via Let's Encrypt.
|
||||
func (c *Config) AutoTLS() string {
|
||||
return clean.Email(c.options.AutoTLS)
|
||||
|
@ -18,7 +23,7 @@ func (c *Config) TLSKey() string {
|
|||
return ""
|
||||
} else if fs.FileExistsNotEmpty(c.options.TLSKey) {
|
||||
return c.options.TLSKey
|
||||
} else if fileName := filepath.Join(c.CertsConfigPath(), c.options.TLSKey); fs.FileExistsNotEmpty(fileName) {
|
||||
} else if fileName := filepath.Join(c.CertsPath(), c.options.TLSKey); fs.FileExistsNotEmpty(fileName) {
|
||||
return fileName
|
||||
}
|
||||
|
||||
|
@ -31,7 +36,7 @@ func (c *Config) TLSCert() string {
|
|||
return ""
|
||||
} else if fs.FileExistsNotEmpty(c.options.TLSCert) {
|
||||
return c.options.TLSCert
|
||||
} else if fileName := filepath.Join(c.CertsConfigPath(), c.options.TLSCert); fs.FileExistsNotEmpty(fileName) {
|
||||
} else if fileName := filepath.Join(c.CertsPath(), c.options.TLSCert); fs.FileExistsNotEmpty(fileName) {
|
||||
return fileName
|
||||
}
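Review bot: CertsPath can never return an empty string, because `filepath.Join(c.ConfigPath(), "certs")` yields at least `certs`, so the `== ""` guards on it in CreateDirectories and in AutoTLS (the new `certs path not found` branch) are unreachable. If ConfigPath were ever empty (fs.Abs is not shown, so this is an assumption), the key, certificate and AutoTLS directory would silently resolve relative to the working directory instead of failing. Consider returning early in the accessor, `if c.ConfigPath() == "" { return "" }` before the join, or drop the dead checks in the callers. The TLSKey and TLSCert bodies later in this section continue outside their hunks.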
|
||||
|
||||
|
|
|
@ -1,11 +1,21 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestConfig_CertsPath(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
if dir := c.CertsPath(); dir == "" {
|
||||
t.Fatal("certs path is empty")
|
||||
} else if !strings.HasPrefix(dir, c.ConfigPath()) {
|
||||
t.Fatalf("unexpected certs path: %s", dir)
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfig_AutoTLS(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ func (c *Config) Report() (rows [][]string, cols []string) {
|
|||
|
||||
// Config.
|
||||
{"config-path", c.ConfigPath()},
|
||||
{"certs-path", c.CertsPath()},
|
||||
{"options-yaml", c.OptionsYaml()},
|
||||
{"defaults-yaml", c.DefaultsYaml()},
|
||||
{"settings-yaml", c.SettingsYaml()},
|
||||
|
@ -50,7 +51,6 @@ func (c *Config) Report() (rows [][]string, cols []string) {
|
|||
{"albums-path", c.AlbumsPath()},
|
||||
{"backup-path", c.BackupPath()},
|
||||
{"cache-path", c.CachePath()},
|
||||
{"cert-cache-path", c.CertsConfigPath()},
|
||||
{"cmd-cache-path", c.CmdCachePath()},
|
||||
{"thumb-cache-path", c.ThumbCachePath()},
|
||||
{"import-path", c.ImportPath()},
|
|
@ -20,8 +20,8 @@ func AutoTLS(conf *config.Config) (*autocert.Manager, error) {
|
|||
return nil, fmt.Errorf("no fully qualified site domain")
|
||||
} else if tlsEmail = conf.AutoTLS(); tlsEmail == "" {
|
||||
return nil, fmt.Errorf("automatic tls disabled")
|
||||
} else if certDir = conf.CertsConfigPath(); certDir == "" {
|
||||
return nil, fmt.Errorf("https certificate cache directory is missing")
|
||||
} else if certDir = conf.CertsPath(); certDir == "" {
|
||||
return nil, fmt.Errorf("certs path not found")
|
||||
}
|
||||
|
||||
// Create Let's Encrypt cert manager.
|
||||
|
|