From e9fab3ea3eae00f4375f01faba5c6cff2b98bf4f Mon Sep 17 00:00:00 2001 From: Giteabot Date: Sun, 18 Jun 2023 16:56:50 -0400 Subject: [PATCH] Avoid polluting the config (#25345) (#25354) Backport #25345 by @wxiaoguang Caught by #25330 Co-authored-by: wxiaoguang --- modules/setting/mirror.go | 2 +- modules/setting/oauth2.go | 26 ++++++++++++++------------ modules/setting/setting.go | 2 +- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/modules/setting/mirror.go b/modules/setting/mirror.go index cd6b8d456248d..3aa530a1f4847 100644 --- a/modules/setting/mirror.go +++ b/modules/setting/mirror.go @@ -30,7 +30,7 @@ func loadMirrorFrom(rootCfg ConfigProvider) { // DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version // if these are removed, the warning will not be shown deprecatedSetting(rootCfg, "repository", "DISABLE_MIRRORS", "mirror", "ENABLED", "v1.19.0") - if rootCfg.Section("repository").Key("DISABLE_MIRRORS").MustBool(false) { + if ConfigSectionKeyBool(rootCfg.Section("repository"), "DISABLE_MIRRORS") { Mirror.DisableNewPull = true } diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go index 4dab468c1029c..836a2bb25f48b 100644 --- a/modules/setting/oauth2.go +++ b/modules/setting/oauth2.go @@ -120,18 +120,20 @@ func loadOAuth2From(rootCfg ConfigProvider) { OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile) } - key := make([]byte, 32) - n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64)) - if err != nil || n != 32 { - key, err = generate.NewJwtSecret() - if err != nil { - log.Fatal("error generating JWT secret: %v", err) - } - - secretBase64 := base64.RawURLEncoding.EncodeToString(key) - rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64) - if err := rootCfg.Save(); err != nil { - log.Fatal("save oauth2.JWT_SECRET failed: %v", err) + if InstallLock { + key := make([]byte, 32) + n, err := base64.RawURLEncoding.Decode(key, []byte(OAuth2.JWTSecretBase64)) + if err != nil || n != 32 { + key, err = generate.NewJwtSecret() + if err != nil { + log.Fatal("error generating JWT secret: %v", err) + } + + secretBase64 := base64.RawURLEncoding.EncodeToString(key) + rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64) + if err := rootCfg.Save(); err != nil { + log.Fatal("save oauth2.JWT_SECRET failed: %v", err) + } } } } diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 293333a95bc36..539eb4b197649 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -262,7 +262,7 @@ func loadRunModeFrom(rootCfg ConfigProvider) { RunUser = rootSec.Key("RUN_USER").MustString(user.CurrentUsername()) // The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches. // Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly. - unsafeAllowRunAsRoot := rootSec.Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false) + unsafeAllowRunAsRoot := ConfigSectionKeyBool(rootSec, "I_AM_BEING_UNSAFE_RUNNING_AS_ROOT") RunMode = os.Getenv("GITEA_RUN_MODE") if RunMode == "" { RunMode = rootSec.Key("RUN_MODE").MustString("prod")