Add temporary secret for harbor proxy service

Use GenerateRandomStringWithLength function to generate secret for harbor_proxyservice Add harbor-proxyservice secret used by proxy service Signed-off-by: stonezdj <stonezdj@gmail.com>
2024-11-17 07:45:24 +01:00 · 2020-06-15 14:43:35 +08:00 · 2020-06-15 14:43:35 +08:00 · 82f59cb760
commit 82f59cb760
parent 373ac25b9b
6 changed files with 27 additions and 23 deletions
--- a/src/common/secret/store.go
+++ b/src/common/secret/store.go
@ -17,6 +17,8 @@ package secret
 const (
 	// JobserviceUser is the name of jobservice user
 	JobserviceUser = "harbor-jobservice"
+	// ProxyserviceUser is the name of proxyservice user
+	ProxyserviceUser = "harbor-proxyservice"
 	// CoreUser is the name of ui user
 	CoreUser = "harbor-core"
 )
--- a/src/common/security/secret/context.go
+++ b/src/common/security/secret/context.go
@ -79,5 +79,7 @@ func (s *SecurityContext) Can(action types.Action, resource types.Resource) bool
 	if s.store == nil {
 		return false
 	}
-	return s.store.GetUsername(s.secret) == secret.JobserviceUser || s.store.GetUsername(s.secret) == secret.CoreUser
+	return s.store.GetUsername(s.secret) == secret.JobserviceUser ||
+		s.store.GetUsername(s.secret) == secret.CoreUser ||
+		s.store.GetUsername(s.secret) == secret.ProxyserviceUser
 }
--- a/src/common/utils/utils.go
+++ b/src/common/utils/utils.go
@ -64,10 +64,9 @@ func ParseRepository(repository string) (project, rest string) {
 	return
 }

-// GenerateRandomString generates a random string
-func GenerateRandomString() string {
-	length := 32
-	const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
+// GenerateRandomStringWithLen generates a random string with length
+func GenerateRandomStringWithLen(length int) string {
+	const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 	l := len(chars)
 	result := make([]byte, length)
 	_, err := rand.Read(result)
@ -80,6 +79,11 @@ func GenerateRandomString() string {
 	return string(result)
 }

+// GenerateRandomString generate a random string with 32 byte length
+func GenerateRandomString() string {
+	return GenerateRandomStringWithLen(32)
+}
+
 // TestTCPConn tests TCP connection
 // timeout: the total time before returning if something is wrong
 // with the connection, in second
--- a/src/common/utils/utils_test.go
+++ b/src/common/utils/utils_test.go
@ -153,6 +153,13 @@ func TestGenerateRandomString(t *testing.T) {
 	}
 }

+func TestGenerateRandomStringWithLen(t *testing.T) {
+	str := GenerateRandomStringWithLen(16)
+	if len(str) != 16 {
+		t.Errorf("Failed to generate ramdom string with fixed length.")
+	}
+}
+
 func TestParseLink(t *testing.T) {
 	raw := ""
 	links := ParseLink(raw)
--- a/src/core/config/config.go
+++ b/src/core/config/config.go
@ -29,6 +29,8 @@ import (
 	"github.com/goharbor/harbor/src/core/promgr"
 	"github.com/goharbor/harbor/src/core/promgr/pmsdriver/local"
 	"github.com/goharbor/harbor/src/lib/log"
+
+	"github.com/goharbor/harbor/src/common/utils"
 )

 const (
@ -48,6 +50,8 @@ var (
 	// defined as a var for testing.
 	defaultCACertPath = "/etc/core/ca/ca.crt"
 	cfgMgr            *comcfg.CfgManager
+	// ProxyServiceSecret is the secret used by proxy service
+	ProxyServiceSecret = utils.GenerateRandomStringWithLen(16)
 )

 // Init configurations
@ -88,6 +92,7 @@ func initKeyProvider() {
 func initSecretStore() {
 	m := map[string]string{}
 	m[JobserviceSecret()] = secret.JobserviceUser
+	m[ProxyServiceSecret] = secret.ProxyserviceUser
 	SecretStore = secret.NewStore(m)
 }

--- a/src/core/service/token/authutils.go
+++ b/src/core/service/token/authutils.go
@ -16,7 +16,6 @@ package token

 import (
 	"crypto"
-	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@ -27,6 +26,7 @@ import (
 	"github.com/docker/libtrust"
 	"github.com/goharbor/harbor/src/common/models"
 	"github.com/goharbor/harbor/src/common/security"
+	"github.com/goharbor/harbor/src/common/utils"
 	"github.com/goharbor/harbor/src/core/config"
 	"github.com/goharbor/harbor/src/core/promgr"
 	"github.com/goharbor/harbor/src/lib/log"
@ -150,10 +150,7 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
 		KeyID:      signingKey.KeyID(),
 	}

-	jwtID, err := randString(16)
-	if err != nil {
-		return nil, 0, nil, fmt.Errorf("Error to generate jwt id: %s", err)
-	}
+	jwtID := utils.GenerateRandomStringWithLen(16)

 	now := time.Now().UTC()
 	issuedAt = &now
@ -194,19 +191,6 @@ func makeTokenCore(issuer, subject, audience string, expiration int,
 	return
 }

-func randString(length int) (string, error) {
-	const alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-	rb := make([]byte, length)
-	_, err := rand.Read(rb)
-	if err != nil {
-		return "", err
-	}
-	for i, b := range rb {
-		rb[i] = alphanum[int(b)%len(alphanum)]
-	}
-	return string(rb), nil
-}
-
 func base64UrlEncode(b []byte) string {
 	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
 }