aljaz/cyphernode
1
0
Fork 0
mirror of https://github.com/aljazceru/cyphernode.git synced 2025-12-18 05:05:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Correctly check groups access and upgrade to 0.2 instructions

Browse Source
This commit is contained in:
kexkey
2019-04-25 13:28:08 -04:00
committed by kexkey
parent 452ad78b32
commit 9b8db7d5de
3 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api_auth_docker/api-sample.properties
View File

@@ -38,6 +38,7 @@ action_ln_newaddr=spender
action_ots_stamp=spender action_ots_stamp=spender
action_ots_getfile=spender action_ots_getfile=spender
action_ln_getinvoice=spender action_ln_getinvoice=spender
action_ln_decodebolt11=spender
action_ln_connectfund=spender action_ln_connectfund=spender
# Admin can do what the spender can do, plus: # Admin can do what the spender can do, plus:

14
api_auth_docker/auth.sh
View File

@@ -106,10 +106,10 @@ verify_group()
eval ugroups='$ugroups_'$id eval ugroups='$ugroups_'$id
trace "[verify_group] user groups=${ugroups}" trace "[verify_group] user groups=${ugroups}"
if [ $context = "s" ]; then if [ ${context} = "s" ]; then
# static files only accessible by a certain group # static files only accessible by a certain group
needed_group=${action} needed_group=${action}
elif [ $context = "v0" ]; then elif [ ${context} = "v0" ]; then
# actual api calls # actual api calls
# It is so much faster to include the keys here instead of grep'ing the file for key. # It is so much faster to include the keys here instead of grep'ing the file for key.
. ./api.properties . ./api.properties
@@ -118,10 +118,12 @@ verify_group()
trace "[verify_group] needed_group=${needed_group}" trace "[verify_group] needed_group=${needed_group}"
# If needed_group is empty, the action was not found in api.propeties.
case "${ugroups}" in if [ -n "${needed_group}" ]; then
*${needed_group}*) trace "[verify_group] Access granted"; return 0 ;; case "${ugroups}" in
esac *${needed_group}*) trace "[verify_group] Access granted"; return 0 ;;
esac
fi
trace "[verify_group] Access NOT granted" trace "[verify_group] Access NOT granted"
return 1 return 1

27
doc/UPGRADE.md Normal file
View File

@@ -0,0 +1,27 @@
# Upgrade notes from 0.1 to 0.2
1. cd currentInstallation, where setup.sh is located
2. ./stop.sh current running cyphernode
3. Execute:
```
docker run --rm -it -v "$PWD:/conf" alpine:3.8
apk add --no-cache --update jq curl p7zip
cd conf
7z e config.7z
```
<enter your password>
```
k=$(dd if=/dev/urandom bs=32 count=1 2> /dev/null | xxd -pc 32) && l="kapi_id=\\\"000\\\";kapi_key=\\\"$k\\\";kapi_groups=\\\"stats\\\";eval ugroups_\${kapi_id}=\${kapi_groups};eval ukey_\${kapi_id}=\${kapi_key}" && cat config.json | sed 's/kapi_groups=\\"/kapi_groups=\\"stats,/g' | jq ".gatekeeper_keys.configEntries = [\"$l\"] + .gatekeeper_keys.configEntries" | jq ".gatekeeper_keys.clientInformation = [\"000=$k\"] + .gatekeeper_keys.clientInformation" | jq ".gatekeeper_apiproperties = \"$(curl -fsSL https://raw.githubusercontent.com/SatoshiPortal/cyphernode/v0.2.0-rc.5/api_auth_docker/api-sample.properties | paste -s -d '\n')\"" > config.json
7z u config.7z config.json
```
<enter your password>
<CTRL-D>
```
curl -fsSL https://raw.githubusercontent.com/SatoshiPortal/cyphernode/v0.2.0-rc.5/dist/setup.sh -o setup_cyphernode.sh && chmod +x setup_cyphernode.sh && ./setup_cyphernode.sh
```