2023-02-20 00:12:01 +08:00
// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package setting
import (
"net/url"
"os"
"strings"
"code.gitea.io/gitea/modules/auth/password/hash"
"code.gitea.io/gitea/modules/generate"
[SEC] Add `keying` module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.
For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]
For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.
[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-20 23:13:04 +02:00
"code.gitea.io/gitea/modules/keying"
2023-02-20 00:12:01 +08:00
"code.gitea.io/gitea/modules/log"
)
var (
// Security settings
InstallLock bool
SecretKey string
InternalToken string // internal access token
LogInRememberDays int
CookieRememberName string
ReverseProxyAuthUser string
ReverseProxyAuthEmail string
ReverseProxyAuthFullName string
ReverseProxyLimit int
ReverseProxyTrustedProxies [ ] string
MinPasswordLength int
ImportLocalPaths bool
DisableGitHooks bool
DisableWebhooks bool
OnlyAllowPushIfGiteaEnvironmentSet bool
PasswordComplexity [ ] string
PasswordHashAlgo string
PasswordCheckPwn bool
SuccessfulTokensCacheSize int
2023-12-11 22:48:53 -05:00
DisableQueryAuthToken bool
2023-02-20 00:12:01 +08:00
CSRFCookieName = "_csrf"
CSRFCookieHTTPOnly = true
)
// loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
// If the secret is loaded from uriKey (file), the file should be non-empty, to guarantee the behavior stable and clear.
2023-04-25 23:06:39 +08:00
func loadSecret ( sec ConfigSection , uriKey , verbatimKey string ) string {
2023-02-20 00:12:01 +08:00
// don't allow setting both URI and verbatim string
uri := sec . Key ( uriKey ) . String ( )
verbatim := sec . Key ( verbatimKey ) . String ( )
if uri != "" && verbatim != "" {
log . Fatal ( "Cannot specify both %s and %s" , uriKey , verbatimKey )
}
// if we have no URI, use verbatim
if uri == "" {
return verbatim
}
tempURI , err := url . Parse ( uri )
if err != nil {
log . Fatal ( "Failed to parse %s (%s): %v" , uriKey , uri , err )
}
switch tempURI . Scheme {
case "file" :
buf , err := os . ReadFile ( tempURI . RequestURI ( ) )
if err != nil {
log . Fatal ( "Failed to read %s (%s): %v" , uriKey , tempURI . RequestURI ( ) , err )
}
val := strings . TrimSpace ( string ( buf ) )
if val == "" {
// The file shouldn't be empty, otherwise we can not know whether the user has ever set the KEY or KEY_URI
// For example: if INTERNAL_TOKEN_URI=file:///empty-file,
// Then if the token is re-generated during installation and saved to INTERNAL_TOKEN
// Then INTERNAL_TOKEN and INTERNAL_TOKEN_URI both exist, that's a fatal error (they shouldn't)
log . Fatal ( "Failed to read %s (%s): the file is empty" , uriKey , tempURI . RequestURI ( ) )
}
return val
// only file URIs are allowed
default :
2023-06-22 20:16:12 -04:00
log . Fatal ( "Unsupported URI-Scheme %q (%q = %q)" , tempURI . Scheme , uriKey , uri )
2023-02-20 00:12:01 +08:00
return ""
}
}
// generateSaveInternalToken generates and saves the internal token to app.ini
2023-04-25 23:06:39 +08:00
func generateSaveInternalToken ( rootCfg ConfigProvider ) {
2023-02-20 00:12:01 +08:00
token , err := generate . NewInternalToken ( )
if err != nil {
log . Fatal ( "Error generate internal token: %v" , err )
}
InternalToken = token
2023-06-21 10:31:40 +08:00
saveCfg , err := rootCfg . PrepareSaving ( )
if err != nil {
log . Fatal ( "Error saving internal token: %v" , err )
}
2023-04-25 23:06:39 +08:00
rootCfg . Section ( "security" ) . Key ( "INTERNAL_TOKEN" ) . SetValue ( token )
2023-06-21 10:31:40 +08:00
saveCfg . Section ( "security" ) . Key ( "INTERNAL_TOKEN" ) . SetValue ( token )
if err = saveCfg . Save ( ) ; err != nil {
2023-04-25 23:06:39 +08:00
log . Fatal ( "Error saving internal token: %v" , err )
}
2023-02-20 00:12:01 +08:00
}
func loadSecurityFrom ( rootCfg ConfigProvider ) {
sec := rootCfg . Section ( "security" )
2023-07-10 06:43:37 +08:00
InstallLock = HasInstallLock ( rootCfg )
2024-03-28 04:13:42 +01:00
LogInRememberDays = sec . Key ( "LOGIN_REMEMBER_DAYS" ) . MustInt ( 31 )
2023-02-20 00:12:01 +08:00
SecretKey = loadSecret ( sec , "SECRET_KEY_URI" , "SECRET_KEY" )
if SecretKey == "" {
// FIXME: https://github.com/go-gitea/gitea/issues/16832
// Until it supports rotating an existing secret key, we shouldn't move users off of the widely used default value
SecretKey = "!#@FDEWREWR&*(" //nolint:gosec
}
[SEC] Add `keying` module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.
For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]
For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.
[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-20 23:13:04 +02:00
keying . Init ( [ ] byte ( SecretKey ) )
2023-02-20 00:12:01 +08:00
CookieRememberName = sec . Key ( "COOKIE_REMEMBER_NAME" ) . MustString ( "gitea_incredible" )
ReverseProxyAuthUser = sec . Key ( "REVERSE_PROXY_AUTHENTICATION_USER" ) . MustString ( "X-WEBAUTH-USER" )
ReverseProxyAuthEmail = sec . Key ( "REVERSE_PROXY_AUTHENTICATION_EMAIL" ) . MustString ( "X-WEBAUTH-EMAIL" )
ReverseProxyAuthFullName = sec . Key ( "REVERSE_PROXY_AUTHENTICATION_FULL_NAME" ) . MustString ( "X-WEBAUTH-FULLNAME" )
ReverseProxyLimit = sec . Key ( "REVERSE_PROXY_LIMIT" ) . MustInt ( 1 )
ReverseProxyTrustedProxies = sec . Key ( "REVERSE_PROXY_TRUSTED_PROXIES" ) . Strings ( "," )
if len ( ReverseProxyTrustedProxies ) == 0 {
ReverseProxyTrustedProxies = [ ] string { "127.0.0.0/8" , "::1/128" }
}
2023-08-21 15:27:50 -04:00
MinPasswordLength = sec . Key ( "MIN_PASSWORD_LENGTH" ) . MustInt ( 8 )
2023-02-20 00:12:01 +08:00
ImportLocalPaths = sec . Key ( "IMPORT_LOCAL_PATHS" ) . MustBool ( false )
DisableGitHooks = sec . Key ( "DISABLE_GIT_HOOKS" ) . MustBool ( true )
DisableWebhooks = sec . Key ( "DISABLE_WEBHOOKS" ) . MustBool ( false )
OnlyAllowPushIfGiteaEnvironmentSet = sec . Key ( "ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET" ) . MustBool ( true )
// Ensure that the provided default hash algorithm is a valid hash algorithm
var algorithm * hash . PasswordHashAlgorithm
PasswordHashAlgo , algorithm = hash . SetDefaultPasswordHashAlgorithm ( sec . Key ( "PASSWORD_HASH_ALGO" ) . MustString ( "" ) )
if algorithm == nil {
log . Fatal ( "The provided password hash algorithm was invalid: %s" , sec . Key ( "PASSWORD_HASH_ALGO" ) . MustString ( "" ) )
}
CSRFCookieHTTPOnly = sec . Key ( "CSRF_COOKIE_HTTP_ONLY" ) . MustBool ( true )
PasswordCheckPwn = sec . Key ( "PASSWORD_CHECK_PWN" ) . MustBool ( false )
SuccessfulTokensCacheSize = sec . Key ( "SUCCESSFUL_TOKENS_CACHE_SIZE" ) . MustInt ( 20 )
InternalToken = loadSecret ( sec , "INTERNAL_TOKEN_URI" , "INTERNAL_TOKEN" )
if InstallLock && InternalToken == "" {
// if Gitea has been installed but the InternalToken hasn't been generated (upgrade from an old release), we should generate
// some users do cluster deployment, they still depend on this auto-generating behavior.
2023-04-25 23:06:39 +08:00
generateSaveInternalToken ( rootCfg )
2023-02-20 00:12:01 +08:00
}
cfgdata := sec . Key ( "PASSWORD_COMPLEXITY" ) . Strings ( "," )
if len ( cfgdata ) == 0 {
cfgdata = [ ] string { "off" }
}
PasswordComplexity = make ( [ ] string , 0 , len ( cfgdata ) )
for _ , name := range cfgdata {
name := strings . ToLower ( strings . Trim ( name , ` " ` ) )
if name != "" {
PasswordComplexity = append ( PasswordComplexity , name )
}
}
2023-12-11 22:48:53 -05:00
2024-01-14 22:20:18 +02:00
sectionHasDisableQueryAuthToken := sec . HasKey ( "DISABLE_QUERY_AUTH_TOKEN" )
2023-12-11 22:48:53 -05:00
// TODO: default value should be true in future releases
DisableQueryAuthToken = sec . Key ( "DISABLE_QUERY_AUTH_TOKEN" ) . MustBool ( false )
2024-01-14 22:20:18 +02:00
// warn if the setting is set to false explicitly
if sectionHasDisableQueryAuthToken && ! DisableQueryAuthToken {
2023-12-11 22:48:53 -05:00
log . Warn ( "Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24." )
}
2023-02-20 00:12:01 +08:00
}