Added support for using password files instead of just passwords#3092
Closed
r-a303931 wants to merge 1 commit into
Closed
Added support for using password files instead of just passwords#3092r-a303931 wants to merge 1 commit into
r-a303931 wants to merge 1 commit into
Conversation
Member
|
I'd rather see this implemented as a system property check instead of an additional file, similar to the server option: Something like.... diff --git a/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java b/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
--- a/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
+++ b/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
@@ -541,11 +541,16 @@
int connectionTimeout = c.getInteger("data.pool-settings.connection-timeout", 5000);
Map<String, String> props = ImmutableMap.copyOf(c.getStringMap("data.pool-settings.properties", ImmutableMap.of()));
+ String password = c.getString("data.password", null);
+ if (password != null && password.equals("load-from-system-property")) {
+ password = System.getProperty("luckperms.database.password", null);
+ }
+
return new StorageCredentials(
c.getString("data.address", null),
c.getString("data.database", null),
c.getString("data.username", null),
- c.getString("data.password", null),
+ password,
maxPoolSize, minIdle, maxLifetime, keepAliveTime, connectionTimeout, props
);
}));
What do you think? :) |
Author
|
That could work. I am confused about how this could be done securely, however; my understanding is that to set a system property in such a way, there are two possible paths:
What about the ability to select between either a file or a system property? Something like: diff --git a/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java b/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
index 1c4a2720..63694f11 100644
--- a/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
+++ b/common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
@@ -541,11 +546,40 @@ public final class ConfigKeys {
int connectionTimeout = c.getInteger("data.pool-settings.connection-timeout", 5000);
Map<String, String> props = ImmutableMap.copyOf(c.getStringMap("data.pool-settings.properties", ImmutableMap.of()));
+ String password = c.getString("data.password", null);
+ if (password != null && password.startsWith("load-from-system-property")) {
+ String[] parts = password.split(":");
+ if (parts.length > 0) {
+ password = System.getProperty(parts[1].trim(), null);
+ } else {
+ password = System.getProperty("luckperms.database.password", null);
+ }
+ } else if (password != null && password.startsWith("load-from-local-file")) {
+ String[] parts = password.split(":");
+ if (parts.length > 0) {
+ try {
+ Charset encoding = Charset.defaultCharset();
+ byte[] passwordBytes = Files.readAllBytes(Paths.get(parts[1].trim()));
+ // Database passwords probably do not intend to have newlines, but when editing files in most editors
+ // (e.g., vi(m), VS Code, etc) a new line will automatically be added for POSIX compatibility.
+ // This takes that into consideration
+ password = new String(passwordBytes, encoding).trim();
+ } catch (IOException ioException) {
+ LoggerFactory.getLogger(ConfigKeys.class).error("Load from local file failed.");
+ ioException.printStackTrace();
+ password = null;
+ }
+ } else {
+ LoggerFactory.getLogger(ConfigKeys.class).error("Load from local file specified for database password, but no file path provided.");
+ password = null;
+ }
+ }
+
return new StorageCredentials(
c.getString("data.address", null),
c.getString("data.database", null),
c.getString("data.username", null),
- c.getString("data.password", null),
+ password,
maxPoolSize, minIdle, maxLifetime, keepAliveTime, connectionTimeout, props
);
})); |
Member
|
I don't think security of the system properties approach is an issue - if another process is able to read that information then it can most likely read the config file from the filesystem too. |
Member
|
My aim here is to keep the diff relatively small considering the feature is particularly niche. |
Member
|
For the reasons stated above I'm going to close this PR for now - thanks for your efforts though :) If you'd like to continue this further please let me know and I will happily re-open. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull requests provides the ability to specify a file with the password needed for connecting to a data source. This is useful for environments where it is desirable to open source or publish the configuration, but not possible to do currently due to the inclusion of a database password.
It will try to use the password file option whenever possible, but will gracefully fall back to using the original password option in the case of the file not being possible to read from.