@@ -15,192 +15,192 @@ |
||
15 | 15 | * fixes cyclic DI: AllConfig needs AppConfig needs Database needs AllConfig |
16 | 16 | */ |
17 | 17 | class SystemConfig { |
18 | - protected array $sensitiveValues; |
|
19 | - |
|
20 | - protected const DEFAULT_SENSITIVE_VALUES = [ |
|
21 | - 'instanceid' => true, |
|
22 | - 'datadirectory' => true, |
|
23 | - 'dbname' => true, |
|
24 | - 'dbhost' => true, |
|
25 | - 'dbpassword' => true, |
|
26 | - 'dbuser' => true, |
|
27 | - 'dbreplica' => true, |
|
28 | - 'activity_dbname' => true, |
|
29 | - 'activity_dbhost' => true, |
|
30 | - 'activity_dbpassword' => true, |
|
31 | - 'activity_dbuser' => true, |
|
32 | - 'mail_from_address' => true, |
|
33 | - 'mail_domain' => true, |
|
34 | - 'mail_smtphost' => true, |
|
35 | - 'mail_smtpname' => true, |
|
36 | - 'mail_smtppassword' => true, |
|
37 | - 'passwordsalt' => true, |
|
38 | - 'secret' => true, |
|
39 | - 'updater.secret' => true, |
|
40 | - 'updater.server.url' => true, |
|
41 | - 'trusted_proxies' => true, |
|
42 | - 'preview_imaginary_url' => true, |
|
43 | - 'preview_imaginary_key' => true, |
|
44 | - 'proxyuserpwd' => true, |
|
45 | - 'sentry.dsn' => true, |
|
46 | - 'sentry.public-dsn' => true, |
|
47 | - 'zammad.download.secret' => true, |
|
48 | - 'zammad.portal.secret' => true, |
|
49 | - 'zammad.secret' => true, |
|
50 | - 'github.client_id' => true, |
|
51 | - 'github.client_secret' => true, |
|
52 | - 'log.condition' => [ |
|
53 | - 'shared_secret' => true, |
|
54 | - 'matches' => true, |
|
55 | - ], |
|
56 | - 'license-key' => true, |
|
57 | - 'redis' => [ |
|
58 | - 'host' => true, |
|
59 | - 'password' => true, |
|
60 | - ], |
|
61 | - 'redis.cluster' => [ |
|
62 | - 'seeds' => true, |
|
63 | - 'password' => true, |
|
64 | - ], |
|
65 | - 'objectstore' => [ |
|
66 | - 'arguments' => [ |
|
67 | - // Legacy Swift (https://github.com/nextcloud/server/pull/17696#discussion_r341302207) |
|
68 | - 'options' => [ |
|
69 | - 'credentials' => [ |
|
70 | - 'key' => true, |
|
71 | - 'secret' => true, |
|
72 | - ] |
|
73 | - ], |
|
74 | - // S3 |
|
75 | - 'key' => true, |
|
76 | - 'secret' => true, |
|
77 | - 'sse_c_key' => true, |
|
78 | - // Swift v2 |
|
79 | - 'username' => true, |
|
80 | - 'password' => true, |
|
81 | - // Swift v3 |
|
82 | - 'user' => [ |
|
83 | - 'name' => true, |
|
84 | - 'password' => true, |
|
85 | - ], |
|
86 | - ], |
|
87 | - ], |
|
88 | - 'objectstore_multibucket' => [ |
|
89 | - 'arguments' => [ |
|
90 | - 'options' => [ |
|
91 | - 'credentials' => [ |
|
92 | - 'key' => true, |
|
93 | - 'secret' => true, |
|
94 | - ] |
|
95 | - ], |
|
96 | - // S3 |
|
97 | - 'key' => true, |
|
98 | - 'secret' => true, |
|
99 | - // Swift v2 |
|
100 | - 'username' => true, |
|
101 | - 'password' => true, |
|
102 | - // Swift v3 |
|
103 | - 'user' => [ |
|
104 | - 'name' => true, |
|
105 | - 'password' => true, |
|
106 | - ], |
|
107 | - ], |
|
108 | - ], |
|
109 | - 'onlyoffice' => [ |
|
110 | - 'jwt_secret' => true, |
|
111 | - ], |
|
112 | - 'PASS' => true, |
|
113 | - ]; |
|
114 | - |
|
115 | - public function __construct( |
|
116 | - private Config $config, |
|
117 | - ) { |
|
118 | - $this->sensitiveValues = array_merge(self::DEFAULT_SENSITIVE_VALUES, $this->config->getValue('config_extra_sensitive_values', [])); |
|
119 | - } |
|
120 | - |
|
121 | - /** |
|
122 | - * Lists all available config keys |
|
123 | - * @return array an array of key names |
|
124 | - */ |
|
125 | - public function getKeys() { |
|
126 | - return $this->config->getKeys(); |
|
127 | - } |
|
128 | - |
|
129 | - /** |
|
130 | - * Sets a new system wide value |
|
131 | - * |
|
132 | - * @param string $key the key of the value, under which will be saved |
|
133 | - * @param mixed $value the value that should be stored |
|
134 | - */ |
|
135 | - public function setValue($key, $value) { |
|
136 | - $this->config->setValue($key, $value); |
|
137 | - } |
|
138 | - |
|
139 | - /** |
|
140 | - * Sets and deletes values and writes the config.php |
|
141 | - * |
|
142 | - * @param array $configs Associative array with `key => value` pairs |
|
143 | - * If value is null, the config key will be deleted |
|
144 | - */ |
|
145 | - public function setValues(array $configs) { |
|
146 | - $this->config->setValues($configs); |
|
147 | - } |
|
148 | - |
|
149 | - /** |
|
150 | - * Looks up a system wide defined value |
|
151 | - * |
|
152 | - * @param string $key the key of the value, under which it was saved |
|
153 | - * @param mixed $default the default value to be returned if the value isn't set |
|
154 | - * @return mixed the value or $default |
|
155 | - */ |
|
156 | - public function getValue($key, $default = '') { |
|
157 | - return $this->config->getValue($key, $default); |
|
158 | - } |
|
159 | - |
|
160 | - /** |
|
161 | - * Looks up a system wide defined value and filters out sensitive data |
|
162 | - * |
|
163 | - * @param string $key the key of the value, under which it was saved |
|
164 | - * @param mixed $default the default value to be returned if the value isn't set |
|
165 | - * @return mixed the value or $default |
|
166 | - */ |
|
167 | - public function getFilteredValue($key, $default = '') { |
|
168 | - $value = $this->getValue($key, $default); |
|
169 | - |
|
170 | - if (isset($this->sensitiveValues[$key])) { |
|
171 | - $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); |
|
172 | - } |
|
173 | - |
|
174 | - return $value; |
|
175 | - } |
|
176 | - |
|
177 | - /** |
|
178 | - * Delete a system wide defined value |
|
179 | - * |
|
180 | - * @param string $key the key of the value, under which it was saved |
|
181 | - */ |
|
182 | - public function deleteValue($key) { |
|
183 | - $this->config->deleteKey($key); |
|
184 | - } |
|
185 | - |
|
186 | - /** |
|
187 | - * @param bool|array $keysToRemove |
|
188 | - * @param mixed $value |
|
189 | - * @return mixed |
|
190 | - */ |
|
191 | - protected function removeSensitiveValue($keysToRemove, $value) { |
|
192 | - if ($keysToRemove === true) { |
|
193 | - return IConfig::SENSITIVE_VALUE; |
|
194 | - } |
|
195 | - |
|
196 | - if (is_array($value)) { |
|
197 | - foreach ($keysToRemove as $keyToRemove => $valueToRemove) { |
|
198 | - if (isset($value[$keyToRemove])) { |
|
199 | - $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); |
|
200 | - } |
|
201 | - } |
|
202 | - } |
|
203 | - |
|
204 | - return $value; |
|
205 | - } |
|
18 | + protected array $sensitiveValues; |
|
19 | + |
|
20 | + protected const DEFAULT_SENSITIVE_VALUES = [ |
|
21 | + 'instanceid' => true, |
|
22 | + 'datadirectory' => true, |
|
23 | + 'dbname' => true, |
|
24 | + 'dbhost' => true, |
|
25 | + 'dbpassword' => true, |
|
26 | + 'dbuser' => true, |
|
27 | + 'dbreplica' => true, |
|
28 | + 'activity_dbname' => true, |
|
29 | + 'activity_dbhost' => true, |
|
30 | + 'activity_dbpassword' => true, |
|
31 | + 'activity_dbuser' => true, |
|
32 | + 'mail_from_address' => true, |
|
33 | + 'mail_domain' => true, |
|
34 | + 'mail_smtphost' => true, |
|
35 | + 'mail_smtpname' => true, |
|
36 | + 'mail_smtppassword' => true, |
|
37 | + 'passwordsalt' => true, |
|
38 | + 'secret' => true, |
|
39 | + 'updater.secret' => true, |
|
40 | + 'updater.server.url' => true, |
|
41 | + 'trusted_proxies' => true, |
|
42 | + 'preview_imaginary_url' => true, |
|
43 | + 'preview_imaginary_key' => true, |
|
44 | + 'proxyuserpwd' => true, |
|
45 | + 'sentry.dsn' => true, |
|
46 | + 'sentry.public-dsn' => true, |
|
47 | + 'zammad.download.secret' => true, |
|
48 | + 'zammad.portal.secret' => true, |
|
49 | + 'zammad.secret' => true, |
|
50 | + 'github.client_id' => true, |
|
51 | + 'github.client_secret' => true, |
|
52 | + 'log.condition' => [ |
|
53 | + 'shared_secret' => true, |
|
54 | + 'matches' => true, |
|
55 | + ], |
|
56 | + 'license-key' => true, |
|
57 | + 'redis' => [ |
|
58 | + 'host' => true, |
|
59 | + 'password' => true, |
|
60 | + ], |
|
61 | + 'redis.cluster' => [ |
|
62 | + 'seeds' => true, |
|
63 | + 'password' => true, |
|
64 | + ], |
|
65 | + 'objectstore' => [ |
|
66 | + 'arguments' => [ |
|
67 | + // Legacy Swift (https://github.com/nextcloud/server/pull/17696#discussion_r341302207) |
|
68 | + 'options' => [ |
|
69 | + 'credentials' => [ |
|
70 | + 'key' => true, |
|
71 | + 'secret' => true, |
|
72 | + ] |
|
73 | + ], |
|
74 | + // S3 |
|
75 | + 'key' => true, |
|
76 | + 'secret' => true, |
|
77 | + 'sse_c_key' => true, |
|
78 | + // Swift v2 |
|
79 | + 'username' => true, |
|
80 | + 'password' => true, |
|
81 | + // Swift v3 |
|
82 | + 'user' => [ |
|
83 | + 'name' => true, |
|
84 | + 'password' => true, |
|
85 | + ], |
|
86 | + ], |
|
87 | + ], |
|
88 | + 'objectstore_multibucket' => [ |
|
89 | + 'arguments' => [ |
|
90 | + 'options' => [ |
|
91 | + 'credentials' => [ |
|
92 | + 'key' => true, |
|
93 | + 'secret' => true, |
|
94 | + ] |
|
95 | + ], |
|
96 | + // S3 |
|
97 | + 'key' => true, |
|
98 | + 'secret' => true, |
|
99 | + // Swift v2 |
|
100 | + 'username' => true, |
|
101 | + 'password' => true, |
|
102 | + // Swift v3 |
|
103 | + 'user' => [ |
|
104 | + 'name' => true, |
|
105 | + 'password' => true, |
|
106 | + ], |
|
107 | + ], |
|
108 | + ], |
|
109 | + 'onlyoffice' => [ |
|
110 | + 'jwt_secret' => true, |
|
111 | + ], |
|
112 | + 'PASS' => true, |
|
113 | + ]; |
|
114 | + |
|
115 | + public function __construct( |
|
116 | + private Config $config, |
|
117 | + ) { |
|
118 | + $this->sensitiveValues = array_merge(self::DEFAULT_SENSITIVE_VALUES, $this->config->getValue('config_extra_sensitive_values', [])); |
|
119 | + } |
|
120 | + |
|
121 | + /** |
|
122 | + * Lists all available config keys |
|
123 | + * @return array an array of key names |
|
124 | + */ |
|
125 | + public function getKeys() { |
|
126 | + return $this->config->getKeys(); |
|
127 | + } |
|
128 | + |
|
129 | + /** |
|
130 | + * Sets a new system wide value |
|
131 | + * |
|
132 | + * @param string $key the key of the value, under which will be saved |
|
133 | + * @param mixed $value the value that should be stored |
|
134 | + */ |
|
135 | + public function setValue($key, $value) { |
|
136 | + $this->config->setValue($key, $value); |
|
137 | + } |
|
138 | + |
|
139 | + /** |
|
140 | + * Sets and deletes values and writes the config.php |
|
141 | + * |
|
142 | + * @param array $configs Associative array with `key => value` pairs |
|
143 | + * If value is null, the config key will be deleted |
|
144 | + */ |
|
145 | + public function setValues(array $configs) { |
|
146 | + $this->config->setValues($configs); |
|
147 | + } |
|
148 | + |
|
149 | + /** |
|
150 | + * Looks up a system wide defined value |
|
151 | + * |
|
152 | + * @param string $key the key of the value, under which it was saved |
|
153 | + * @param mixed $default the default value to be returned if the value isn't set |
|
154 | + * @return mixed the value or $default |
|
155 | + */ |
|
156 | + public function getValue($key, $default = '') { |
|
157 | + return $this->config->getValue($key, $default); |
|
158 | + } |
|
159 | + |
|
160 | + /** |
|
161 | + * Looks up a system wide defined value and filters out sensitive data |
|
162 | + * |
|
163 | + * @param string $key the key of the value, under which it was saved |
|
164 | + * @param mixed $default the default value to be returned if the value isn't set |
|
165 | + * @return mixed the value or $default |
|
166 | + */ |
|
167 | + public function getFilteredValue($key, $default = '') { |
|
168 | + $value = $this->getValue($key, $default); |
|
169 | + |
|
170 | + if (isset($this->sensitiveValues[$key])) { |
|
171 | + $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); |
|
172 | + } |
|
173 | + |
|
174 | + return $value; |
|
175 | + } |
|
176 | + |
|
177 | + /** |
|
178 | + * Delete a system wide defined value |
|
179 | + * |
|
180 | + * @param string $key the key of the value, under which it was saved |
|
181 | + */ |
|
182 | + public function deleteValue($key) { |
|
183 | + $this->config->deleteKey($key); |
|
184 | + } |
|
185 | + |
|
186 | + /** |
|
187 | + * @param bool|array $keysToRemove |
|
188 | + * @param mixed $value |
|
189 | + * @return mixed |
|
190 | + */ |
|
191 | + protected function removeSensitiveValue($keysToRemove, $value) { |
|
192 | + if ($keysToRemove === true) { |
|
193 | + return IConfig::SENSITIVE_VALUE; |
|
194 | + } |
|
195 | + |
|
196 | + if (is_array($value)) { |
|
197 | + foreach ($keysToRemove as $keyToRemove => $valueToRemove) { |
|
198 | + if (isset($value[$keyToRemove])) { |
|
199 | + $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); |
|
200 | + } |
|
201 | + } |
|
202 | + } |
|
203 | + |
|
204 | + return $value; |
|
205 | + } |
|
206 | 206 | } |