feat: check if the secret in config/share.yml has been changed during registration (#3223)

* feat: check if the secret in config/share.yml has been changed during registration. * fix: cicd * fix: code * fix: cicd * fix: cicd * fix: cicd * fix: cicd * fix: cicd
2025-04-05 05:12:45 +08:00 · 2025-03-13 18:21:48 +08:00 · 2025-03-13 18:21:48 +08:00 · 0b9dbd301c
commit 0b9dbd301c
parent 3516f843db
4 changed files with 38 additions and 11 deletions
--- a/.github/workflows/go-build-test.yml
+++ b/.github/workflows/go-build-test.yml
@ -12,6 +12,10 @@ jobs:
  go-build:
    name: Test with go ${{ matrix.go_version }} on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
+
+    env:
+      SHARE_CONFIG_PATH: config/share.yml
+
    permissions:
      contents: write
      pull-requests: write
@ -40,6 +44,10 @@ jobs:
        with:
          compose-file: "./docker-compose.yml"

+      - name: Modify Server Configuration
+        run: |
+          yq e '.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}
+
      # - name: Get Internal IP Address
      #   id: get-ip
      #   run: |
@ -71,6 +79,11 @@ jobs:
          go mod download
          go install github.com/magefile/mage@latest

+      - name: Modify Chat Configuration
+        run: |
+          cd ${{ github.workspace }}/chat-repo
+          yq e '.openIM.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}
+
      - name: Build and test Chat Services
        run: |
          cd ${{ github.workspace }}/chat-repo
@ -132,7 +145,7 @@ jobs:

          # Test get admin token
          get_admin_token_response=$(curl -X POST -H "Content-Type: application/json" -H "operationID: imAdmin" -d '{
-            "secret": "openIM123",
+            "secret": "123456",
            "platformID": 2,
            "userID": "imAdmin"
          }' http://127.0.0.1:10002/auth/get_admin_token)
@ -169,7 +182,8 @@ jobs:
      contents: write
    env:
      SDK_DIR: openim-sdk-core
-      CONFIG_PATH: config/notification.yml
+      NOTIFICATION_CONFIG_PATH: config/notification.yml
+      SHARE_CONFIG_PATH: config/share.yml

    strategy:
      matrix:
@ -184,7 +198,7 @@ jobs:
        uses: actions/checkout@v4
        with:
          repository: "openimsdk/openim-sdk-core"
-          ref: "release-v3.8"
+          ref: "main"
          path: ${{ env.SDK_DIR }}

      - name: Set up Go ${{ matrix.go_version }}
@ -199,8 +213,9 @@ jobs:

      - name: Modify Server Configuration
        run: |
-          yq e '.groupCreated.isSendMsg = true' -i ${{ env.CONFIG_PATH }}
-          yq e '.friendApplicationApproved.isSendMsg = true' -i ${{ env.CONFIG_PATH }}
+          yq e '.groupCreated.isSendMsg = true' -i ${{ env.NOTIFICATION_CONFIG_PATH }}
+          yq e '.friendApplicationApproved.isSendMsg = true' -i ${{ env.NOTIFICATION_CONFIG_PATH }}
+          yq e '.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}

      - name: Start Server Services
        run: |
--- a/internal/rpc/user/user.go
+++ b/internal/rpc/user/user.go
@ -49,6 +49,10 @@ import (
 	"google.golang.org/grpc"
 )

+const (
+	defaultSecret = "openIM123"
+)
+
 type userServer struct {
 	pbuser.UnimplementedUserServer
 	online                   cache.OnlineCache
@ -273,6 +277,10 @@ func (s *userServer) UserRegister(ctx context.Context, req *pbuser.UserRegisterR
 	if len(req.Users) == 0 {
 		return nil, errs.ErrArgs.WrapMsg("users is empty")
 	}
+	// check if secret is changed
+	if s.config.Share.Secret == defaultSecret {
+		return nil, servererrs.ErrSecretNotChanged.Wrap()
+	}

 	if err = authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil {
 		return nil, err
--- a/pkg/common/servererrs/code.go
+++ b/pkg/common/servererrs/code.go
@ -37,7 +37,8 @@ const (

 // General error codes.
 const (
-	NoError       = 0     // No error
+	NoError = 0 // No error
+
 	DatabaseError = 90002 // Database error (redis/mysql, etc.)
 	NetworkError  = 90004 // Network error
 	DataError     = 90007 // Data error
@ -45,11 +46,12 @@ const (
 	CallbackError = 80000

 	// General error codes.
-	ServerInternalError = 500  // Server internal error
-	ArgsError           = 1001 // Input parameter error
-	NoPermissionError   = 1002 // Insufficient permission
-	DuplicateKeyError   = 1003
-	RecordNotFoundError = 1004 // Record does not exist
+	ServerInternalError   = 500  // Server internal error
+	ArgsError             = 1001 // Input parameter error
+	NoPermissionError     = 1002 // Insufficient permission
+	DuplicateKeyError     = 1003
+	RecordNotFoundError   = 1004 // Record does not exist
+	SecretNotChangedError = 1050 // secret not changed

 	// Account error codes.
 	UserIDNotFoundError    = 1101 // UserID does not exist or is not registered
--- a/pkg/common/servererrs/predefine.go
+++ b/pkg/common/servererrs/predefine.go
@ -17,6 +17,8 @@ package servererrs
 import "github.com/openimsdk/tools/errs"

 var (
+	ErrSecretNotChanged = errs.NewCodeError(SecretNotChangedError, "secret not changed, please change secret in config/share.yml for security reasons")
+
 	ErrDatabase         = errs.NewCodeError(DatabaseError, "DatabaseError")
 	ErrNetwork          = errs.NewCodeError(NetworkError, "NetworkError")
 	ErrCallback         = errs.NewCodeError(CallbackError, "CallbackError")