sanitize.go 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295
  1. package config
  2. import (
  3. "strings"
  4. "text/template"
  5. "github.com/OliveTin/OliveTin/internal/env"
  6. "github.com/google/uuid"
  7. log "github.com/sirupsen/logrus"
  8. )
  9. // Sanitize will look for common configuration issues, and fix them. For example,
  10. // populating undefined fields - name -> title, etc.
  11. func (cfg *Config) Sanitize() {
  12. cfg.sanitizeLogLevel()
  13. cfg.sanitizeAuthRequireGuestsToLogin()
  14. cfg.sanitizeLogHistoryPageSize()
  15. cfg.sanitizeLocalUserPasswords()
  16. // log.Infof("cfg %p", cfg)
  17. for idx := range cfg.Actions {
  18. cfg.Actions[idx].sanitize(cfg)
  19. }
  20. cfg.sanitizeDashboardsForInlineActions()
  21. }
  22. func (cfg *Config) sanitizeDashboardsForInlineActions() {
  23. for _, dashboard := range cfg.Dashboards {
  24. cfg.sanitizeDashboardComponentForInlineActions(dashboard)
  25. }
  26. }
  27. func (cfg *Config) sanitizeDashboardComponentForInlineActions(component *DashboardComponent) {
  28. visited := make(map[*DashboardComponent]bool)
  29. cfg.sanitizeDashboardComponentForInlineActionsHelper(component, visited)
  30. }
  31. func (cfg *Config) sanitizeDashboardComponentForInlineActionsHelper(component *DashboardComponent, visited map[*DashboardComponent]bool) {
  32. if component == nil {
  33. return
  34. }
  35. if visited[component] {
  36. return
  37. }
  38. visited[component] = true
  39. cfg.sanitizeInlineAction(component)
  40. cfg.sanitizeChildDashboardComponents(component, visited)
  41. }
  42. func (cfg *Config) sanitizeInlineAction(component *DashboardComponent) {
  43. if component.InlineAction == nil {
  44. return
  45. }
  46. sanitizeInlineActionTitles(component)
  47. if component.Entity != "" && component.InlineAction.Entity == "" {
  48. component.InlineAction.Entity = component.Entity
  49. }
  50. component.InlineAction.sanitize(cfg)
  51. cfg.addInlineActionIfNotExists(component.InlineAction)
  52. }
  53. func (cfg *Config) addInlineActionIfNotExists(action *Action) {
  54. if cfg.inlineActionExists(action) {
  55. return
  56. }
  57. cfg.Actions = append(cfg.Actions, action)
  58. }
  59. func sanitizeInlineActionTitles(component *DashboardComponent) {
  60. if component.InlineAction.Title == "" {
  61. component.InlineAction.Title = component.Title
  62. }
  63. if component.Title == "" {
  64. component.Title = component.InlineAction.Title
  65. }
  66. }
  67. func (cfg *Config) inlineActionExists(action *Action) bool {
  68. if cfg.inlineActionPointerExists(action) {
  69. return true
  70. }
  71. if cfg.inlineActionIDExists(action) {
  72. return true
  73. }
  74. return false
  75. }
  76. func (cfg *Config) inlineActionPointerExists(action *Action) bool {
  77. for _, existingAction := range cfg.Actions {
  78. if existingAction == action {
  79. return true
  80. }
  81. }
  82. return false
  83. }
  84. func (cfg *Config) inlineActionIDExists(action *Action) bool {
  85. if action.ID == "" {
  86. return false
  87. }
  88. for _, existingAction := range cfg.Actions {
  89. if existingAction.ID == action.ID {
  90. return true
  91. }
  92. }
  93. return false
  94. }
  95. func (cfg *Config) sanitizeChildDashboardComponents(component *DashboardComponent, visited map[*DashboardComponent]bool) {
  96. for _, child := range component.Contents {
  97. if child.Entity == "" {
  98. child.Entity = component.Entity
  99. }
  100. cfg.sanitizeDashboardComponentForInlineActionsHelper(child, visited)
  101. }
  102. }
  103. func (cfg *Config) sanitizeLogLevel() {
  104. if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
  105. log.Info("Setting log level to ", logLevel)
  106. log.SetLevel(logLevel)
  107. }
  108. }
  109. func (action *Action) sanitize(cfg *Config) {
  110. if action.Timeout < 3 {
  111. action.Timeout = 3
  112. }
  113. action.ID = getActionID(action)
  114. action.Icon = lookupHTMLIcon(action.Icon, cfg.DefaultIconForActions)
  115. action.PopupOnStart = sanitizePopupOnStart(action.PopupOnStart, cfg)
  116. sanitizeActionExecutionMode(action)
  117. if action.MaxConcurrent < 1 {
  118. action.MaxConcurrent = 1
  119. }
  120. for idx := range action.Arguments {
  121. action.Arguments[idx].sanitize()
  122. }
  123. }
  124. func sanitizeActionExecutionMode(action *Action) {
  125. prioritizeExecToolOverShellAndExec(action)
  126. if len(action.Exec) > 0 && action.Shell != "" {
  127. log.Warnf("Action %q has both shell and exec; using exec only", action.Title)
  128. action.Shell = ""
  129. }
  130. clearIncompleteExecTool(action)
  131. }
  132. func prioritizeExecToolOverShellAndExec(action *Action) {
  133. if !execToolIsFullyConfigured(action) {
  134. return
  135. }
  136. if action.Shell == "" && len(action.Exec) == 0 {
  137. return
  138. }
  139. log.Warnf("Action %q has both execTool and shell/exec; using execTool only", action.Title)
  140. action.Shell = ""
  141. action.Exec = nil
  142. }
  143. func execToolIsFullyConfigured(action *Action) bool {
  144. t := action.ExecTool
  145. if t == nil {
  146. return false
  147. }
  148. if t.Name == "" {
  149. return false
  150. }
  151. return t.Config != nil
  152. }
  153. func clearIncompleteExecTool(action *Action) {
  154. if action.ExecTool == nil || (action.ExecTool.Name != "" && action.ExecTool.Config != nil) {
  155. return
  156. }
  157. log.Warnf("Action %q has execTool with missing name or config; clearing execTool", action.Title)
  158. action.ExecTool = nil
  159. }
  160. func (cfg *Config) sanitizeAuthRequireGuestsToLogin() {
  161. if cfg.AuthRequireGuestsToLogin {
  162. log.Infof("AuthRequireGuestsToLogin is enabled. All defaultPermissions will be set to false")
  163. cfg.DefaultPermissions.View = false
  164. cfg.DefaultPermissions.Exec = false
  165. cfg.DefaultPermissions.Logs = false
  166. }
  167. }
  168. func (cfg *Config) sanitizeLogHistoryPageSize() {
  169. if cfg.LogHistoryPageSize < 10 {
  170. log.Warnf("LogsHistoryLimit is too low, setting it to 10")
  171. cfg.LogHistoryPageSize = 10
  172. } else if cfg.LogHistoryPageSize > 100 {
  173. log.Warnf("LogsHistoryLimit is high, you can do this, but expect browser lag.")
  174. }
  175. }
  176. func (cfg *Config) sanitizeLocalUserPasswords() {
  177. for _, user := range cfg.AuthLocalUsers.Users {
  178. if user.Password != "" {
  179. user.Password = parsePasswordTemplate(user.Password)
  180. }
  181. }
  182. }
  183. // parsePasswordTemplate expands {{ .Env.VAR }} in local user password fields using the process environment.
  184. func parsePasswordTemplate(source string) string {
  185. t, err := template.New("password").Option("missingkey=error").Parse(source)
  186. if err != nil {
  187. log.WithFields(log.Fields{"error": err}).Debug("Password template parse failed, using literal")
  188. return source
  189. }
  190. var b strings.Builder
  191. if err := t.Execute(&b, map[string]interface{}{"Env": env.BuildEnvMap()}); err != nil {
  192. log.WithFields(log.Fields{"error": err}).Debug("Password template execute failed, using literal")
  193. return source
  194. }
  195. return b.String()
  196. }
  197. func getActionID(action *Action) string {
  198. if action.ID == "" {
  199. return uuid.NewString()
  200. }
  201. if strings.Contains(action.ID, "{{") {
  202. log.Fatalf("Action IDs cannot contain variables")
  203. }
  204. return action.ID
  205. }
  206. //gocyclo:ignore
  207. func sanitizePopupOnStart(raw string, cfg *Config) string {
  208. switch raw {
  209. case "execution-dialog":
  210. return raw
  211. case "execution-dialog-output-html":
  212. return raw
  213. case "execution-dialog-stdout-only":
  214. return raw
  215. case "execution-button":
  216. return raw
  217. default:
  218. return cfg.DefaultPopupOnStart
  219. }
  220. }
  221. func (arg *ActionArgument) sanitize() {
  222. if arg.Title == "" {
  223. arg.Title = arg.Name
  224. }
  225. for idx, choice := range arg.Choices {
  226. if choice.Title == "" {
  227. arg.Choices[idx].Title = choice.Value
  228. }
  229. }
  230. arg.sanitizeNoType()
  231. // TODO Validate the default against the type checker, but this creates a
  232. // import loop
  233. }
  234. func (arg *ActionArgument) sanitizeNoType() {
  235. if len(arg.Choices) == 0 && arg.Type == "" {
  236. log.WithFields(log.Fields{
  237. "arg": arg.Name,
  238. }).Warn("Argument type isn't set, will default to 'ascii' but this may not be safe. You should set a type specifically.")
  239. arg.Type = "ascii"
  240. }
  241. }