Browse Source

Feature/mongodb security (#5602)

pull/5604/head
sb 7 months ago
committed by GitHub
parent
commit
a3a00d9499
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 1
      weed/command/scaffold/filer.toml
  2. 11
      weed/filer/mongodb/mongodb_store.go

1
weed/command/scaffold/filer.toml

@ -286,6 +286,7 @@ ssl = false
ssl_ca_file = ""
ssl_cert_file = ""
ssl_key_file = "
insecure_skip_verify = false
option_pool_size = 0
database = "seaweedfs"

11
weed/filer/mongodb/mongodb_store.go

@ -48,11 +48,12 @@ func (store *MongodbStore) Initialize(configuration util.Configuration, prefix s
sslKeyFile := configuration.GetString(prefix + "ssl_key_file")
username := configuration.GetString(prefix + "username")
password := configuration.GetString(prefix + "password")
insecure_skip_verify := configuration.GetBool(prefix + "insecure_skip_verify")
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password)
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password, insecure_skip_verify)
}
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string) (err error) {
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string, insecure bool) (err error) {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
@ -63,7 +64,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
}
if ssl {
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile)
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile, insecure)
if err != nil {
return err
}
@ -90,7 +91,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
return err
}
func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
func configureTLS(caFile, certFile, keyFile string, insecure bool) (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, fmt.Errorf("could not load client key pair: %s", err)
@ -109,7 +110,7 @@ func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
InsecureSkipVerify: true,
InsecureSkipVerify: insecure,
}
return tlsConfig, nil

Loading…
Cancel
Save