Merge pull request #3328 from openimsdk/cherry-pick-0b9dbd3

feat: check if the secret in config/share.yml has been changed during registration [Created by @icey-yu from #3223]
This commit is contained in:
chao 2025-05-14 16:27:06 +08:00 committed by GitHub
commit a10918a9dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 38 additions and 11 deletions

View File

@ -12,6 +12,10 @@ jobs:
go-build: go-build:
name: Test with go ${{ matrix.go_version }} on ${{ matrix.os }} name: Test with go ${{ matrix.go_version }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
env:
SHARE_CONFIG_PATH: config/share.yml
permissions: permissions:
contents: write contents: write
pull-requests: write pull-requests: write
@ -40,6 +44,10 @@ jobs:
with: with:
compose-file: "./docker-compose.yml" compose-file: "./docker-compose.yml"
- name: Modify Server Configuration
run: |
yq e '.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}
# - name: Get Internal IP Address # - name: Get Internal IP Address
# id: get-ip # id: get-ip
# run: | # run: |
@ -71,6 +79,11 @@ jobs:
go mod download go mod download
go install github.com/magefile/mage@latest go install github.com/magefile/mage@latest
- name: Modify Chat Configuration
run: |
cd ${{ github.workspace }}/chat-repo
yq e '.openIM.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}
- name: Build and test Chat Services - name: Build and test Chat Services
run: | run: |
cd ${{ github.workspace }}/chat-repo cd ${{ github.workspace }}/chat-repo
@ -132,7 +145,7 @@ jobs:
# Test get admin token # Test get admin token
get_admin_token_response=$(curl -X POST -H "Content-Type: application/json" -H "operationID: imAdmin" -d '{ get_admin_token_response=$(curl -X POST -H "Content-Type: application/json" -H "operationID: imAdmin" -d '{
"secret": "openIM123", "secret": "123456",
"platformID": 2, "platformID": 2,
"userID": "imAdmin" "userID": "imAdmin"
}' http://127.0.0.1:10002/auth/get_admin_token) }' http://127.0.0.1:10002/auth/get_admin_token)
@ -169,7 +182,8 @@ jobs:
contents: write contents: write
env: env:
SDK_DIR: openim-sdk-core SDK_DIR: openim-sdk-core
CONFIG_PATH: config/notification.yml NOTIFICATION_CONFIG_PATH: config/notification.yml
SHARE_CONFIG_PATH: config/share.yml
strategy: strategy:
matrix: matrix:
@ -184,7 +198,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: "openimsdk/openim-sdk-core" repository: "openimsdk/openim-sdk-core"
ref: "release-v3.8" ref: "main"
path: ${{ env.SDK_DIR }} path: ${{ env.SDK_DIR }}
- name: Set up Go ${{ matrix.go_version }} - name: Set up Go ${{ matrix.go_version }}
@ -199,8 +213,9 @@ jobs:
- name: Modify Server Configuration - name: Modify Server Configuration
run: | run: |
yq e '.groupCreated.isSendMsg = true' -i ${{ env.CONFIG_PATH }} yq e '.groupCreated.isSendMsg = true' -i ${{ env.NOTIFICATION_CONFIG_PATH }}
yq e '.friendApplicationApproved.isSendMsg = true' -i ${{ env.CONFIG_PATH }} yq e '.friendApplicationApproved.isSendMsg = true' -i ${{ env.NOTIFICATION_CONFIG_PATH }}
yq e '.secret = 123456' -i ${{ env.SHARE_CONFIG_PATH }}
- name: Start Server Services - name: Start Server Services
run: | run: |

View File

@ -51,6 +51,10 @@ import (
"google.golang.org/grpc" "google.golang.org/grpc"
) )
const (
defaultSecret = "openIM123"
)
type userServer struct { type userServer struct {
pbuser.UnimplementedUserServer pbuser.UnimplementedUserServer
online cache.OnlineCache online cache.OnlineCache
@ -273,6 +277,10 @@ func (s *userServer) UserRegister(ctx context.Context, req *pbuser.UserRegisterR
if len(req.Users) == 0 { if len(req.Users) == 0 {
return nil, errs.ErrArgs.WrapMsg("users is empty") return nil, errs.ErrArgs.WrapMsg("users is empty")
} }
// check if secret is changed
if s.config.Share.Secret == defaultSecret {
return nil, servererrs.ErrSecretNotChanged.Wrap()
}
if err = authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { if err = authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil {
return nil, err return nil, err

View File

@ -37,7 +37,8 @@ const (
// General error codes. // General error codes.
const ( const (
NoError = 0 // No error NoError = 0 // No error
DatabaseError = 90002 // Database error (redis/mysql, etc.) DatabaseError = 90002 // Database error (redis/mysql, etc.)
NetworkError = 90004 // Network error NetworkError = 90004 // Network error
DataError = 90007 // Data error DataError = 90007 // Data error
@ -45,11 +46,12 @@ const (
CallbackError = 80000 CallbackError = 80000
// General error codes. // General error codes.
ServerInternalError = 500 // Server internal error ServerInternalError = 500 // Server internal error
ArgsError = 1001 // Input parameter error ArgsError = 1001 // Input parameter error
NoPermissionError = 1002 // Insufficient permission NoPermissionError = 1002 // Insufficient permission
DuplicateKeyError = 1003 DuplicateKeyError = 1003
RecordNotFoundError = 1004 // Record does not exist RecordNotFoundError = 1004 // Record does not exist
SecretNotChangedError = 1050 // secret not changed
// Account error codes. // Account error codes.
UserIDNotFoundError = 1101 // UserID does not exist or is not registered UserIDNotFoundError = 1101 // UserID does not exist or is not registered

View File

@ -17,6 +17,8 @@ package servererrs
import "github.com/openimsdk/tools/errs" import "github.com/openimsdk/tools/errs"
var ( var (
ErrSecretNotChanged = errs.NewCodeError(SecretNotChangedError, "secret not changed, please change secret in config/share.yml for security reasons")
ErrDatabase = errs.NewCodeError(DatabaseError, "DatabaseError") ErrDatabase = errs.NewCodeError(DatabaseError, "DatabaseError")
ErrNetwork = errs.NewCodeError(NetworkError, "NetworkError") ErrNetwork = errs.NewCodeError(NetworkError, "NetworkError")
ErrCallback = errs.NewCodeError(CallbackError, "CallbackError") ErrCallback = errs.NewCodeError(CallbackError, "CallbackError")