diff --git a/src/common/secret/store.go b/src/common/secret/store.go index 42e0babd4..8e4f30d0e 100644 --- a/src/common/secret/store.go +++ b/src/common/secret/store.go @@ -17,6 +17,8 @@ package secret const ( // JobserviceUser is the name of jobservice user JobserviceUser = "harbor-jobservice" + // ProxyserviceUser is the name of proxyservice user + ProxyserviceUser = "harbor-proxyservice" // CoreUser is the name of ui user CoreUser = "harbor-core" ) diff --git a/src/common/security/secret/context.go b/src/common/security/secret/context.go index 0c82ff2c2..4476ab606 100644 --- a/src/common/security/secret/context.go +++ b/src/common/security/secret/context.go @@ -79,5 +79,7 @@ func (s *SecurityContext) Can(action types.Action, resource types.Resource) bool if s.store == nil { return false } - return s.store.GetUsername(s.secret) == secret.JobserviceUser || s.store.GetUsername(s.secret) == secret.CoreUser + return s.store.GetUsername(s.secret) == secret.JobserviceUser || + s.store.GetUsername(s.secret) == secret.CoreUser || + s.store.GetUsername(s.secret) == secret.ProxyserviceUser } diff --git a/src/common/utils/utils.go b/src/common/utils/utils.go index 9faecceeb..2d7e11d93 100644 --- a/src/common/utils/utils.go +++ b/src/common/utils/utils.go @@ -64,10 +64,9 @@ func ParseRepository(repository string) (project, rest string) { return } -// GenerateRandomString generates a random string -func GenerateRandomString() string { - length := 32 - const chars = "abcdefghijklmnopqrstuvwxyz0123456789" +// GenerateRandomStringWithLen generates a random string with length +func GenerateRandomStringWithLen(length int) string { + const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" l := len(chars) result := make([]byte, length) _, err := rand.Read(result) 
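Review bot: In src/common/security/secret/context.go, `Can` now returns true for every action and resource when the secret maps to `secret.ProxyserviceUser`, which gives the proxy service the same blanket authorization as core and jobservice. If the proxy service only needs a narrow set of operations, this branch should also check `action` and `resource` rather than the username alone. The expression also calls `s.store.GetUsername(s.secret)` three times; `switch s.store.GetUsername(s.secret) { case secret.JobserviceUser, secret.CoreUser, secret.ProxyserviceUser: return true }` followed by `return false` resolves it once and is easier to extend. The beginning of `Can`'s body is outside the hunk.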
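Review bot: In src/common/utils/utils.go, `GenerateRandomStringWithLen` has no error return, yet this commit starts using it for security-relevant values (the proxy service secret in config.go and the JWT ID in authutils.go). Whatever follows `_, err := rand.Read(result)` is outside the hunk, and it decides whether a failed read from the random source can yield a predictable string; it should panic or surface the error rather than carry on. A negative `length` panics in `make([]byte, length)`, which the doc comment should state or the function should guard against. Widening `chars` to 62 symbols also changes what the existing `GenerateRandomString()` returns (upper case is now possible), so callers that relied on lower-case-only output need checking. If the mapping loop reduces each byte modulo `len(chars)` as the removed `randString` did, the first 8 characters of the alphabet are slightly over-represented because 256 is not a multiple of 62.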
@@ -80,6 +79,11 @@ func GenerateRandomString() string { return string(result) } +// GenerateRandomString generate a random string with 32 byte length +func GenerateRandomString() string { + return GenerateRandomStringWithLen(32) +} + // TestTCPConn tests TCP connection // timeout: the total time before returning if something is wrong // with the connection, in second diff --git a/src/common/utils/utils_test.go b/src/common/utils/utils_test.go index b81da95ed..378e38a99 100644 --- a/src/common/utils/utils_test.go +++ b/src/common/utils/utils_test.go @@ -153,6 +153,13 @@ func TestGenerateRandomString(t *testing.T) { } } +func TestGenerateRandomStringWithLen(t *testing.T) { + str := GenerateRandomStringWithLen(16) + if len(str) != 16 { + t.Errorf("Failed to generate ramdom string with fixed length.") + } +} + func TestParseLink(t *testing.T) { raw := "" links := ParseLink(raw) diff --git a/src/core/config/config.go b/src/core/config/config.go index 5d877a153..709cbe2d4 100755 --- a/src/core/config/config.go +++ b/src/core/config/config.go @@ -29,6 +29,8 @@ import ( "github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/core/promgr/pmsdriver/local" "github.com/goharbor/harbor/src/lib/log" + + "github.com/goharbor/harbor/src/common/utils" ) const ( @@ -48,6 +50,8 @@ var ( // defined as a var for testing. defaultCACertPath = "/etc/core/ca/ca.crt" cfgMgr *comcfg.CfgManager + // ProxyServiceSecret is the secret used by proxy service + ProxyServiceSecret = utils.GenerateRandomStringWithLen(16) ) // Init configurations @@ -88,6 +92,7 @@ func initKeyProvider() { func initSecretStore() { m := map[string]string{} m[JobserviceSecret()] = secret.JobserviceUser + m[ProxyServiceSecret] = secret.ProxyserviceUser SecretStore = secret.NewStore(m) } diff --git a/src/core/service/token/authutils.go b/src/core/service/token/authutils.go index 0c15edbcb..320c1b213 100644 --- a/src/core/service/token/authutils.go +++ b/src/core/service/token/authutils.go 
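Review bot: `TestGenerateRandomStringWithLen` in src/common/utils/utils_test.go asserts only the length, so it would still pass if the function returned sixteen identical bytes. Checking that every character belongs to the expected alphabet, that two consecutive calls differ, and that `GenerateRandomStringWithLen(0)` returns `""` would pin the behaviour the secret and JWT ID callers depend on. The failure message also misspells "random" as "ramdom".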
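Review bot: `ProxyServiceSecret` in src/core/config/config.go is an exported, mutable package variable, so any package importing config can read or overwrite the credential that `initSecretStore` maps to `secret.ProxyserviceUser`. Keeping it unexported behind an accessor, in the style of `JobserviceSecret()`, would narrow that exposure. The value is generated once per process at package initialisation, so each core instance presumably ends up with a different secret; confirm that nothing outside the process (another replica, a restarted peer) is expected to present it. Because the helper returns no error, a failure of the random source at init cannot be detected here. A doc comment such as `// proxyServiceSecret is generated at start-up, lives only in memory and must never be logged.` would record the handling expectations.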
@@ -16,7 +16,6 @@ package token import ( "crypto" - "crypto/rand" "encoding/base64" "encoding/json" "fmt" @@ -27,6 +26,7 @@ import ( "github.com/docker/libtrust" "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/common/security" + "github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/lib/log" @@ -150,10 +150,7 @@ func makeTokenCore(issuer, subject, audience string, expiration int, KeyID: signingKey.KeyID(), } - jwtID, err := randString(16) - if err != nil { - return nil, 0, nil, fmt.Errorf("Error to generate jwt id: %s", err) - } + jwtID := utils.GenerateRandomStringWithLen(16) now := time.Now().UTC() issuedAt = &now @@ -194,19 +191,6 @@ func makeTokenCore(issuer, subject, audience string, expiration int, return } -func randString(length int) (string, error) { - const alphanum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" - rb := make([]byte, length) - _, err := rand.Read(rb) - if err != nil { - return "", err - } - for i, b := range rb { - rb[i] = alphanum[int(b)%len(alphanum)] - } - return string(rb), nil -} - func base64UrlEncode(b []byte) string { return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=") }
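Review bot: In makeTokenCore, the replaced code returned an error when the JWT ID could not be generated, whereas `utils.GenerateRandomStringWithLen(16)` has no error return, so a failure of the random source is no longer reported to the caller at this point. Unless the helper panics or otherwise refuses to return after a failed `rand.Read` (its error handling is not visible in this diff), tokens could be issued with a predictable or repeated `jti`. Either have the helper surface the error and keep the `if err != nil` return here, or add a comment at this call stating why it cannot fail. makeTokenCore starts and ends outside this hunk.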