Add database configuration whitelist
This commit is contained in:
parent
f8190aea5e
commit
620247a015
|
@ -911,6 +911,17 @@ config :auto_linker,
|
||||||
|
|
||||||
Boolean, enables/disables in-database configuration. Read [Transfering the config to/from the database](../administration/CLI_tasks/config.md) for more information.
|
Boolean, enables/disables in-database configuration. Read [Transfering the config to/from the database](../administration/CLI_tasks/config.md) for more information.
|
||||||
|
|
||||||
|
## :database_config_whitelist
|
||||||
|
|
||||||
|
List of valid configuration sections which are allowed to be configured from the database.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
```elixir
|
||||||
|
config :pleroma, :database_config_whitelist, [
|
||||||
|
{:pleroma, :instance},
|
||||||
|
{:pleroma, Pleroma.Web.Metadata}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
### Multi-factor authentication - :two_factor_authentication
|
### Multi-factor authentication - :two_factor_authentication
|
||||||
* `totp` - a list containing TOTP configuration
|
* `totp` - a list containing TOTP configuration
|
||||||
|
|
|
@ -949,7 +949,8 @@ def config_show(conn, _params) do
|
||||||
def config_update(conn, %{"configs" => configs}) do
|
def config_update(conn, %{"configs" => configs}) do
|
||||||
with :ok <- configurable_from_database(conn) do
|
with :ok <- configurable_from_database(conn) do
|
||||||
{_errors, results} =
|
{_errors, results} =
|
||||||
Enum.map(configs, fn
|
Enum.filter(configs, &whitelisted_config?/1)
|
||||||
|
|> Enum.map(fn
|
||||||
%{"group" => group, "key" => key, "delete" => true} = params ->
|
%{"group" => group, "key" => key, "delete" => true} = params ->
|
||||||
ConfigDB.delete(%{group: group, key: key, subkeys: params["subkeys"]})
|
ConfigDB.delete(%{group: group, key: key, subkeys: params["subkeys"]})
|
||||||
|
|
||||||
|
@ -1011,6 +1012,16 @@ defp configurable_from_database(conn) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp whitelisted_config?(%{"group" => group, "key" => key}) do
|
||||||
|
if whitelisted_configs = Config.get(:database_config_whitelist) do
|
||||||
|
Enum.any?(whitelisted_configs, fn {whitelisted_group, whitelisted_key} ->
|
||||||
|
group == inspect(whitelisted_group) && key == inspect(whitelisted_key)
|
||||||
|
end)
|
||||||
|
else
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def reload_emoji(conn, _params) do
|
def reload_emoji(conn, _params) do
|
||||||
Pleroma.Emoji.reload()
|
Pleroma.Emoji.reload()
|
||||||
|
|
||||||
|
|
|
@ -2943,6 +2943,30 @@ test "proxy tuple ip", %{conn: conn} do
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "doesn't set keys not in the whitelist", %{conn: conn} do
|
||||||
|
clear_config(:database_config_whitelist, [
|
||||||
|
{:pleroma, :key1},
|
||||||
|
{:pleroma, :key2},
|
||||||
|
{:pleroma, Pleroma.Captcha.NotReal}
|
||||||
|
])
|
||||||
|
|
||||||
|
post(conn, "/api/pleroma/admin/config", %{
|
||||||
|
configs: [
|
||||||
|
%{group: ":pleroma", key: ":key1", value: "value1"},
|
||||||
|
%{group: ":pleroma", key: ":key2", value: "value2"},
|
||||||
|
%{group: ":pleroma", key: ":key3", value: "value3"},
|
||||||
|
%{group: ":pleroma", key: "Pleroma.Web.Endpoint.NotReal", value: "value4"},
|
||||||
|
%{group: ":pleroma", key: "Pleroma.Captcha.NotReal", value: "value5"}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
|
||||||
|
assert Application.get_env(:pleroma, :key1) == "value1"
|
||||||
|
assert Application.get_env(:pleroma, :key2) == "value2"
|
||||||
|
assert Application.get_env(:pleroma, :key3) == nil
|
||||||
|
assert Application.get_env(:pleroma, Pleroma.Web.Endpoint.NotReal) == nil
|
||||||
|
assert Application.get_env(:pleroma, Pleroma.Captcha.NotReal) == "value5"
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /api/pleroma/admin/restart" do
|
describe "GET /api/pleroma/admin/restart" do
|
||||||
|
|
Loading…
Reference in a new issue