
removed default master key and added warning log if not set

0xdcarns 3 years ago
parent
commit
51fa553df3
6 changed files with 10 additions and 11 deletions
  1. 2 2
      controllers/security.go
  2. 1 6
      controllers/server.go
  3. 2 2
      logic/jwts.go
  4. BIN
      main
  5. 4 0
      main.go
  6. 1 1
      servercfg/serverconf.go

+ 2 - 2
controllers/security.go

@@ -98,9 +98,9 @@ func SecurityCheck(reqAdmin bool, netname string, token string) (error, []string
 	return nil, userNetworks, username
 }
 
-//Consider a more secure way of setting master key
+// Consider a more secure way of setting master key
 func authenticateMaster(tokenString string) bool {
-	return tokenString == servercfg.GetMasterKey()
+	return tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != ""
 }
 
 //Consider a more secure way of setting master key
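Review bot: authenticateMaster still compares the presented token to the master key with `==`, which stops at the first differing byte and so can leak how many leading bytes matched through timing; the `!= ""` guard the commit adds on the same line does not change that, and it also evaluates GetMasterKey (an env read) twice per call. Reading the key once and comparing in constant time keeps the new empty-key rule: `key := servercfg.GetMasterKey()` followed by `return key != "" && subtle.ConstantTimeCompare([]byte(tokenString), []byte(key)) == 1` (needs `crypto/subtle`). The same `==` pattern is repeated in the two logic/jwts.go hunks (VerifyUserToken and VerifyToken). The second `//Consider a more secure way of setting master key` context line after the closing brace duplicates the one the commit just reformatted; whatever it annotates is outside the hunk, so it may be a stale leftover worth removing.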

+ 1 - 6
controllers/server.go

@@ -49,7 +49,7 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
 			returnErrorResponse(w, r, errorResponse)
 			return
 		}
-		if adminonly && !isadmin && !authenticateMasterServer(authToken) {
+		if adminonly && !isadmin && !authenticateMaster(authToken) {
 			returnErrorResponse(w, r, errorResponse)
 			return
 		}
@@ -57,11 +57,6 @@ func securityCheckServer(adminonly bool, next http.Handler) http.HandlerFunc {
 	}
 }
 
-//Consider a more secure way of setting master key
-func authenticateMasterServer(tokenString string) bool {
-	return tokenString == servercfg.GetMasterKey()
-}
-
 func removeNetwork(w http.ResponseWriter, r *http.Request) {
 	// Set header
 	w.Header().Set("Content-Type", "application/json")

+ 2 - 2
logic/jwts.go

@@ -55,7 +55,7 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
 func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
 	claims := &models.UserClaims{}
 
-	if tokenString == servercfg.GetMasterKey() {
+	if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
 		return "masteradministrator", nil, true, nil
 	}
 
@@ -79,7 +79,7 @@ func VerifyToken(tokenString string) (nodeID string, mac string, network string,
 
 	//this may be a stupid way of serving up a master key
 	//TODO: look into a different method. Encryption?
-	if tokenString == servercfg.GetMasterKey() {
+	if tokenString == servercfg.GetMasterKey() && servercfg.GetMasterKey() != "" {
 		return "mastermac", "", "", nil
 	}
 

BIN
main


+ 4 - 0
main.go

@@ -41,6 +41,10 @@ func main() {
 func initialize() { // Client Mode Prereq Check
 	var err error
 
+	if servercfg.GetMasterKey() == "" {
+		logger.Log(0, "warning: MASTER_KEY not set, this could make account recovery difficult")
+	}
+
 	if servercfg.GetNodeID() == "" {
 		logger.FatalLog("error: must set NODE_ID, currently blank")
 	}

+ 1 - 1
servercfg/serverconf.go

@@ -266,7 +266,7 @@ func GetMessageQueueEndpoint() string {
 
 // GetMasterKey - gets the configured master key of server
 func GetMasterKey() string {
-	key := "secretkey"
+	key := ""
 	if os.Getenv("MASTER_KEY") != "" {
 		key = os.Getenv("MASTER_KEY")
 	} else if config.Config.Server.MasterKey != "" {
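Review bot: GetMasterKey's doc comment still says only that it gets the configured master key, but with the default removed an empty string is now a meaningful result that every caller must treat as "deny"; document it: `// GetMasterKey - gets the configured master key of server; returns "" when neither the MASTER_KEY env var nor the config value is set, which callers must treat as "no master key", never as a valid token.` The env lookup also reads MASTER_KEY twice; `if v := os.Getenv("MASTER_KEY"); v != "" { key = v }` does the same with one read. The function's remaining branches are outside the hunk, and any caller of GetMasterKey that this commit does not touch and that still compares with plain `==` would need the same empty-key guard the three patched sites received.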