mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add --overwrite-config and configurable uuid masking

Browse Source 
This is in preparation for the chat completions driver. OpenAI asks that
a user ID be provided in requests when service is being provided to
other users, so we deterministically generate different UUIDs for this
purpose to prevent user information from being exposed.
This commit is contained in:
KernelDeimos 2024-08-01 15:06:42 -04:00 committed by Eric Dubé
parent f924d48b02
commit ef6671da18
3 changed files with 42 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/backend/src/Kernel.js
View File

@ -61,6 +61,7 @@ class Kernel extends AdvancedBase {
const runtimeEnv = new RuntimeEnvironment({ const runtimeEnv = new RuntimeEnvironment({
entry_path: this.entry_path, entry_path: this.entry_path,
logger: bootLogger, logger: bootLogger,
boot_parameters,
}); });
const environment = runtimeEnv.init(); const environment = runtimeEnv.init();
this.environment = environment; this.environment = environment;

42
src/backend/src/boot/RuntimeEnvironment.js
View File

@ -195,10 +195,11 @@ class RuntimeEnvironment extends AdvancedBase {
format: require('string-template'), format: require('string-template'),
} }
constructor ({ logger, entry_path }) { constructor ({ logger, entry_path, boot_parameters }) {
super(); super();
this.logger = logger; this.logger = logger;
this.entry_path = entry_path; this.entry_path = entry_path;
this.boot_parameters = boot_parameters;
this.path_checks = path_checks(this)(this.modules); this.path_checks = path_checks(this)(this.modules);
this.config_paths = config_paths(this)(this.modules); this.config_paths = config_paths(this)(this.modules);
this.runtime_paths = runtime_paths(this)(this.modules); this.runtime_paths = runtime_paths(this)(this.modules);
@ -258,15 +259,44 @@ class RuntimeEnvironment extends AdvancedBase {
} }
} }
const owrite_config = this.boot_parameters.args.overwriteConfig;
const { fs, path_, crypto } = this.modules; const { fs, path_, crypto } = this.modules;
let config_values = {}; if ( !using_config || owrite_config ) {
if ( !using_config ) { const generated_values = {};
generated_values.cookie_name = crypto.randomUUID();
generated_values.jwt_secret = crypto.randomUUID();
generated_values.url_signature_secret = crypto.randomUUID();
generated_values.private_uid_secret = crypto.randomBytes(24).toString('hex');
generated_values.private_uid_namespace = crypto.randomUUID();
if ( using_config ) {
this.logger.info(
`Overwriting ${quot(using_config)} because ` +
`${hl('--overwrite-config')} is set`
);
// make backup
fs.copyFileSync(
path_.join(config_path_entry.path, using_config),
path_.join(config_path_entry.path, using_config + '.bak'),
);
// preserve generated values
{
const config_raw = fs.readFileSync(
path_.join(config_path_entry.path, using_config),
'utf8',
);
const config_values = JSON.parse(config_raw);
for ( const k in generated_values ) {
if ( config_values[k] ) {
generated_values[k] = config_values[k];
}
}
}
}
const generated_config = { const generated_config = {
...default_config, ...default_config,
...generated_values,
}; };
generated_config.cookie_name = crypto.randomUUID();
generated_config.jwt_secret = crypto.randomUUID();
generated_config.url_signature_secret = crypto.randomUUID();
generated_config[""] = null; // for trailing comma generated_config[""] = null; // for trailing comma
fs.writeFileSync( fs.writeFileSync(
path_.join(config_path_entry.path, 'config.json'), path_.join(config_path_entry.path, 'config.json'),

12
src/backend/src/services/auth/Actor.js
View File

@ -19,16 +19,14 @@
const { AdvancedBase } = require("@heyputer/puter-js-common"); const { AdvancedBase } = require("@heyputer/puter-js-common");
const { Context } = require("../../util/context"); const { Context } = require("../../util/context");
const { get_user, get_app } = require("../../helpers"); const { get_user, get_app } = require("../../helpers");
const config = require("../../config");
// TODO: add these to configuration; production deployments should change these! // TODO: add these to configuration; production deployments should change these!
// THIS IS NOT A LEAK const PRIVATE_UID_NAMESPACE = config.private_uid_namespace
// We use this to obscure user UUIDs, as some APIs require a user identifier ?? require('crypto').randomUUID();
// for abuse prevention. However, there are no services in selfhosted Puter const PRIVATE_UID_SECRET = config.private_uid_secret
// that currently make use of this, and we use different values on `puter.com`. ?? require('crypto').randomBytes(24).toString('hex');
const PRIVATE_UID_NAMESPACE = '1757dc3f-8f04-4d77-b939-ff899045696d';
const PRIVATE_UID_SECRET = 'bf03f0e52f5d93c83822ad8558c625277ce3dddff8dc4a5cb0d3c8493571f770';
// THIS IS NOT A LEAK (see above)
class Actor extends AdvancedBase { class Actor extends AdvancedBase {
static MODULES = { static MODULES = {