@@ -15,192 +15,192 @@ |
||
| 15 | 15 | * fixes cyclic DI: AllConfig needs AppConfig needs Database needs AllConfig |
| 16 | 16 | */ |
| 17 | 17 | class SystemConfig { |
| 18 | - protected array $sensitiveValues; |
|
| 19 | - |
|
| 20 | - protected const DEFAULT_SENSITIVE_VALUES = [ |
|
| 21 | - 'instanceid' => true, |
|
| 22 | - 'datadirectory' => true, |
|
| 23 | - 'dbname' => true, |
|
| 24 | - 'dbhost' => true, |
|
| 25 | - 'dbpassword' => true, |
|
| 26 | - 'dbuser' => true, |
|
| 27 | - 'dbreplica' => true, |
|
| 28 | - 'activity_dbname' => true, |
|
| 29 | - 'activity_dbhost' => true, |
|
| 30 | - 'activity_dbpassword' => true, |
|
| 31 | - 'activity_dbuser' => true, |
|
| 32 | - 'mail_from_address' => true, |
|
| 33 | - 'mail_domain' => true, |
|
| 34 | - 'mail_smtphost' => true, |
|
| 35 | - 'mail_smtpname' => true, |
|
| 36 | - 'mail_smtppassword' => true, |
|
| 37 | - 'passwordsalt' => true, |
|
| 38 | - 'secret' => true, |
|
| 39 | - 'updater.secret' => true, |
|
| 40 | - 'updater.server.url' => true, |
|
| 41 | - 'trusted_proxies' => true, |
|
| 42 | - 'preview_imaginary_url' => true, |
|
| 43 | - 'preview_imaginary_key' => true, |
|
| 44 | - 'proxyuserpwd' => true, |
|
| 45 | - 'sentry.dsn' => true, |
|
| 46 | - 'sentry.public-dsn' => true, |
|
| 47 | - 'zammad.download.secret' => true, |
|
| 48 | - 'zammad.portal.secret' => true, |
|
| 49 | - 'zammad.secret' => true, |
|
| 50 | - 'github.client_id' => true, |
|
| 51 | - 'github.client_secret' => true, |
|
| 52 | - 'log.condition' => [ |
|
| 53 | - 'shared_secret' => true, |
|
| 54 | - 'matches' => true, |
|
| 55 | - ], |
|
| 56 | - 'license-key' => true, |
|
| 57 | - 'redis' => [ |
|
| 58 | - 'host' => true, |
|
| 59 | - 'password' => true, |
|
| 60 | - ], |
|
| 61 | - 'redis.cluster' => [ |
|
| 62 | - 'seeds' => true, |
|
| 63 | - 'password' => true, |
|
| 64 | - ], |
|
| 65 | - 'objectstore' => [ |
|
| 66 | - 'arguments' => [ |
|
| 67 | - // Legacy Swift (https://github.com/nextcloud/server/pull/17696#discussion_r341302207) |
|
| 68 | - 'options' => [ |
|
| 69 | - 'credentials' => [ |
|
| 70 | - 'key' => true, |
|
| 71 | - 'secret' => true, |
|
| 72 | - ] |
|
| 73 | - ], |
|
| 74 | - // S3 |
|
| 75 | - 'key' => true, |
|
| 76 | - 'secret' => true, |
|
| 77 | - 'sse_c_key' => true, |
|
| 78 | - // Swift v2 |
|
| 79 | - 'username' => true, |
|
| 80 | - 'password' => true, |
|
| 81 | - // Swift v3 |
|
| 82 | - 'user' => [ |
|
| 83 | - 'name' => true, |
|
| 84 | - 'password' => true, |
|
| 85 | - ], |
|
| 86 | - ], |
|
| 87 | - ], |
|
| 88 | - 'objectstore_multibucket' => [ |
|
| 89 | - 'arguments' => [ |
|
| 90 | - 'options' => [ |
|
| 91 | - 'credentials' => [ |
|
| 92 | - 'key' => true, |
|
| 93 | - 'secret' => true, |
|
| 94 | - ] |
|
| 95 | - ], |
|
| 96 | - // S3 |
|
| 97 | - 'key' => true, |
|
| 98 | - 'secret' => true, |
|
| 99 | - // Swift v2 |
|
| 100 | - 'username' => true, |
|
| 101 | - 'password' => true, |
|
| 102 | - // Swift v3 |
|
| 103 | - 'user' => [ |
|
| 104 | - 'name' => true, |
|
| 105 | - 'password' => true, |
|
| 106 | - ], |
|
| 107 | - ], |
|
| 108 | - ], |
|
| 109 | - 'onlyoffice' => [ |
|
| 110 | - 'jwt_secret' => true, |
|
| 111 | - ], |
|
| 112 | - 'PASS' => true, |
|
| 113 | - ]; |
|
| 114 | - |
|
| 115 | - public function __construct( |
|
| 116 | - private Config $config, |
|
| 117 | - ) { |
|
| 118 | - $this->sensitiveValues = array_merge(self::DEFAULT_SENSITIVE_VALUES, $this->config->getValue('config_extra_sensitive_values', [])); |
|
| 119 | - } |
|
| 120 | - |
|
| 121 | - /** |
|
| 122 | - * Lists all available config keys |
|
| 123 | - * @return array an array of key names |
|
| 124 | - */ |
|
| 125 | - public function getKeys() { |
|
| 126 | - return $this->config->getKeys(); |
|
| 127 | - } |
|
| 128 | - |
|
| 129 | - /** |
|
| 130 | - * Sets a new system wide value |
|
| 131 | - * |
|
| 132 | - * @param string $key the key of the value, under which will be saved |
|
| 133 | - * @param mixed $value the value that should be stored |
|
| 134 | - */ |
|
| 135 | - public function setValue($key, $value) { |
|
| 136 | - $this->config->setValue($key, $value); |
|
| 137 | - } |
|
| 138 | - |
|
| 139 | - /** |
|
| 140 | - * Sets and deletes values and writes the config.php |
|
| 141 | - * |
|
| 142 | - * @param array $configs Associative array with `key => value` pairs |
|
| 143 | - * If value is null, the config key will be deleted |
|
| 144 | - */ |
|
| 145 | - public function setValues(array $configs) { |
|
| 146 | - $this->config->setValues($configs); |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * Looks up a system wide defined value |
|
| 151 | - * |
|
| 152 | - * @param string $key the key of the value, under which it was saved |
|
| 153 | - * @param mixed $default the default value to be returned if the value isn't set |
|
| 154 | - * @return mixed the value or $default |
|
| 155 | - */ |
|
| 156 | - public function getValue($key, $default = '') { |
|
| 157 | - return $this->config->getValue($key, $default); |
|
| 158 | - } |
|
| 159 | - |
|
| 160 | - /** |
|
| 161 | - * Looks up a system wide defined value and filters out sensitive data |
|
| 162 | - * |
|
| 163 | - * @param string $key the key of the value, under which it was saved |
|
| 164 | - * @param mixed $default the default value to be returned if the value isn't set |
|
| 165 | - * @return mixed the value or $default |
|
| 166 | - */ |
|
| 167 | - public function getFilteredValue($key, $default = '') { |
|
| 168 | - $value = $this->getValue($key, $default); |
|
| 169 | - |
|
| 170 | - if (isset($this->sensitiveValues[$key])) { |
|
| 171 | - $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); |
|
| 172 | - } |
|
| 173 | - |
|
| 174 | - return $value; |
|
| 175 | - } |
|
| 176 | - |
|
| 177 | - /** |
|
| 178 | - * Delete a system wide defined value |
|
| 179 | - * |
|
| 180 | - * @param string $key the key of the value, under which it was saved |
|
| 181 | - */ |
|
| 182 | - public function deleteValue($key) { |
|
| 183 | - $this->config->deleteKey($key); |
|
| 184 | - } |
|
| 185 | - |
|
| 186 | - /** |
|
| 187 | - * @param bool|array $keysToRemove |
|
| 188 | - * @param mixed $value |
|
| 189 | - * @return mixed |
|
| 190 | - */ |
|
| 191 | - protected function removeSensitiveValue($keysToRemove, $value) { |
|
| 192 | - if ($keysToRemove === true) { |
|
| 193 | - return IConfig::SENSITIVE_VALUE; |
|
| 194 | - } |
|
| 195 | - |
|
| 196 | - if (is_array($value)) { |
|
| 197 | - foreach ($keysToRemove as $keyToRemove => $valueToRemove) { |
|
| 198 | - if (isset($value[$keyToRemove])) { |
|
| 199 | - $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); |
|
| 200 | - } |
|
| 201 | - } |
|
| 202 | - } |
|
| 203 | - |
|
| 204 | - return $value; |
|
| 205 | - } |
|
| 18 | + protected array $sensitiveValues; |
|
| 19 | + |
|
| 20 | + protected const DEFAULT_SENSITIVE_VALUES = [ |
|
| 21 | + 'instanceid' => true, |
|
| 22 | + 'datadirectory' => true, |
|
| 23 | + 'dbname' => true, |
|
| 24 | + 'dbhost' => true, |
|
| 25 | + 'dbpassword' => true, |
|
| 26 | + 'dbuser' => true, |
|
| 27 | + 'dbreplica' => true, |
|
| 28 | + 'activity_dbname' => true, |
|
| 29 | + 'activity_dbhost' => true, |
|
| 30 | + 'activity_dbpassword' => true, |
|
| 31 | + 'activity_dbuser' => true, |
|
| 32 | + 'mail_from_address' => true, |
|
| 33 | + 'mail_domain' => true, |
|
| 34 | + 'mail_smtphost' => true, |
|
| 35 | + 'mail_smtpname' => true, |
|
| 36 | + 'mail_smtppassword' => true, |
|
| 37 | + 'passwordsalt' => true, |
|
| 38 | + 'secret' => true, |
|
| 39 | + 'updater.secret' => true, |
|
| 40 | + 'updater.server.url' => true, |
|
| 41 | + 'trusted_proxies' => true, |
|
| 42 | + 'preview_imaginary_url' => true, |
|
| 43 | + 'preview_imaginary_key' => true, |
|
| 44 | + 'proxyuserpwd' => true, |
|
| 45 | + 'sentry.dsn' => true, |
|
| 46 | + 'sentry.public-dsn' => true, |
|
| 47 | + 'zammad.download.secret' => true, |
|
| 48 | + 'zammad.portal.secret' => true, |
|
| 49 | + 'zammad.secret' => true, |
|
| 50 | + 'github.client_id' => true, |
|
| 51 | + 'github.client_secret' => true, |
|
| 52 | + 'log.condition' => [ |
|
| 53 | + 'shared_secret' => true, |
|
| 54 | + 'matches' => true, |
|
| 55 | + ], |
|
| 56 | + 'license-key' => true, |
|
| 57 | + 'redis' => [ |
|
| 58 | + 'host' => true, |
|
| 59 | + 'password' => true, |
|
| 60 | + ], |
|
| 61 | + 'redis.cluster' => [ |
|
| 62 | + 'seeds' => true, |
|
| 63 | + 'password' => true, |
|
| 64 | + ], |
|
| 65 | + 'objectstore' => [ |
|
| 66 | + 'arguments' => [ |
|
| 67 | + // Legacy Swift (https://github.com/nextcloud/server/pull/17696#discussion_r341302207) |
|
| 68 | + 'options' => [ |
|
| 69 | + 'credentials' => [ |
|
| 70 | + 'key' => true, |
|
| 71 | + 'secret' => true, |
|
| 72 | + ] |
|
| 73 | + ], |
|
| 74 | + // S3 |
|
| 75 | + 'key' => true, |
|
| 76 | + 'secret' => true, |
|
| 77 | + 'sse_c_key' => true, |
|
| 78 | + // Swift v2 |
|
| 79 | + 'username' => true, |
|
| 80 | + 'password' => true, |
|
| 81 | + // Swift v3 |
|
| 82 | + 'user' => [ |
|
| 83 | + 'name' => true, |
|
| 84 | + 'password' => true, |
|
| 85 | + ], |
|
| 86 | + ], |
|
| 87 | + ], |
|
| 88 | + 'objectstore_multibucket' => [ |
|
| 89 | + 'arguments' => [ |
|
| 90 | + 'options' => [ |
|
| 91 | + 'credentials' => [ |
|
| 92 | + 'key' => true, |
|
| 93 | + 'secret' => true, |
|
| 94 | + ] |
|
| 95 | + ], |
|
| 96 | + // S3 |
|
| 97 | + 'key' => true, |
|
| 98 | + 'secret' => true, |
|
| 99 | + // Swift v2 |
|
| 100 | + 'username' => true, |
|
| 101 | + 'password' => true, |
|
| 102 | + // Swift v3 |
|
| 103 | + 'user' => [ |
|
| 104 | + 'name' => true, |
|
| 105 | + 'password' => true, |
|
| 106 | + ], |
|
| 107 | + ], |
|
| 108 | + ], |
|
| 109 | + 'onlyoffice' => [ |
|
| 110 | + 'jwt_secret' => true, |
|
| 111 | + ], |
|
| 112 | + 'PASS' => true, |
|
| 113 | + ]; |
|
| 114 | + |
|
| 115 | + public function __construct( |
|
| 116 | + private Config $config, |
|
| 117 | + ) { |
|
| 118 | + $this->sensitiveValues = array_merge(self::DEFAULT_SENSITIVE_VALUES, $this->config->getValue('config_extra_sensitive_values', [])); |
|
| 119 | + } |
|
| 120 | + |
|
| 121 | + /** |
|
| 122 | + * Lists all available config keys |
|
| 123 | + * @return array an array of key names |
|
| 124 | + */ |
|
| 125 | + public function getKeys() { |
|
| 126 | + return $this->config->getKeys(); |
|
| 127 | + } |
|
| 128 | + |
|
| 129 | + /** |
|
| 130 | + * Sets a new system wide value |
|
| 131 | + * |
|
| 132 | + * @param string $key the key of the value, under which will be saved |
|
| 133 | + * @param mixed $value the value that should be stored |
|
| 134 | + */ |
|
| 135 | + public function setValue($key, $value) { |
|
| 136 | + $this->config->setValue($key, $value); |
|
| 137 | + } |
|
| 138 | + |
|
| 139 | + /** |
|
| 140 | + * Sets and deletes values and writes the config.php |
|
| 141 | + * |
|
| 142 | + * @param array $configs Associative array with `key => value` pairs |
|
| 143 | + * If value is null, the config key will be deleted |
|
| 144 | + */ |
|
| 145 | + public function setValues(array $configs) { |
|
| 146 | + $this->config->setValues($configs); |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * Looks up a system wide defined value |
|
| 151 | + * |
|
| 152 | + * @param string $key the key of the value, under which it was saved |
|
| 153 | + * @param mixed $default the default value to be returned if the value isn't set |
|
| 154 | + * @return mixed the value or $default |
|
| 155 | + */ |
|
| 156 | + public function getValue($key, $default = '') { |
|
| 157 | + return $this->config->getValue($key, $default); |
|
| 158 | + } |
|
| 159 | + |
|
| 160 | + /** |
|
| 161 | + * Looks up a system wide defined value and filters out sensitive data |
|
| 162 | + * |
|
| 163 | + * @param string $key the key of the value, under which it was saved |
|
| 164 | + * @param mixed $default the default value to be returned if the value isn't set |
|
| 165 | + * @return mixed the value or $default |
|
| 166 | + */ |
|
| 167 | + public function getFilteredValue($key, $default = '') { |
|
| 168 | + $value = $this->getValue($key, $default); |
|
| 169 | + |
|
| 170 | + if (isset($this->sensitiveValues[$key])) { |
|
| 171 | + $value = $this->removeSensitiveValue($this->sensitiveValues[$key], $value); |
|
| 172 | + } |
|
| 173 | + |
|
| 174 | + return $value; |
|
| 175 | + } |
|
| 176 | + |
|
| 177 | + /** |
|
| 178 | + * Delete a system wide defined value |
|
| 179 | + * |
|
| 180 | + * @param string $key the key of the value, under which it was saved |
|
| 181 | + */ |
|
| 182 | + public function deleteValue($key) { |
|
| 183 | + $this->config->deleteKey($key); |
|
| 184 | + } |
|
| 185 | + |
|
| 186 | + /** |
|
| 187 | + * @param bool|array $keysToRemove |
|
| 188 | + * @param mixed $value |
|
| 189 | + * @return mixed |
|
| 190 | + */ |
|
| 191 | + protected function removeSensitiveValue($keysToRemove, $value) { |
|
| 192 | + if ($keysToRemove === true) { |
|
| 193 | + return IConfig::SENSITIVE_VALUE; |
|
| 194 | + } |
|
| 195 | + |
|
| 196 | + if (is_array($value)) { |
|
| 197 | + foreach ($keysToRemove as $keyToRemove => $valueToRemove) { |
|
| 198 | + if (isset($value[$keyToRemove])) { |
|
| 199 | + $value[$keyToRemove] = $this->removeSensitiveValue($valueToRemove, $value[$keyToRemove]); |
|
| 200 | + } |
|
| 201 | + } |
|
| 202 | + } |
|
| 203 | + |
|
| 204 | + return $value; |
|
| 205 | + } |
|
| 206 | 206 | } |
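Review bot: The constructor on new line 118 combines `DEFAULT_SENSITIVE_VALUES` with `config_extra_sensitive_values` through `array_merge`, which is shallow. An extra entry for a top-level key that already has a nested mask (for example `objectstore` or `redis`) replaces that whole mask, so the default sub-keys under it are no longer redacted by `getFilteredValue()`. A list-style value (a constructed example: `['some_key']`) lands under numeric keys and never matches, and a non-array value makes `array_merge` throw inside the constructor. Consider reading the setting into `$extra` first and then using `$this->sensitiveValues = array_replace_recursive(self::DEFAULT_SENSITIVE_VALUES, is_array($extra) ? $extra : []);`, with the expected `key => true|array` shape documented on the constant. Separately, `removeSensitiveValue()` returns `$value` unchanged when the mask is an array but the stored value is a scalar, so a key stored in an unexpected shape passes through unredacted; returning `IConfig::SENSITIVE_VALUE` there may be the safer default, though it would also mask unset keys that currently return `$default`.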