From d2b48a648f0a253f23b03ee11029e41c97225da9 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 29 Nov 2024 10:46:27 +0100
Subject: [PATCH 01/14] Add support for user provided CA certificate to establish secure connections with a mysql/mariadb server
---
 server/config.js | 6 ++++++
 server/database.js | 14 ++++++++++++++
 server/setup-database.js | 13 +++++++++++++
 3 files changed, 33 insertions(+)
diff --git a/server/config.js b/server/config.js
index 515b90465..ce1e35293 100644
--- a/server/config.js
+++ b/server/config.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const isFreeBSD = /^freebsd/.test(process.platform);
 // Interop with browser
@@ -19,6 +20,9 @@ const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_S
 const isSSL = sslKey && sslCert;
+const mariaDbSslCert = args["UPTIME_KUMA_DB_SSL_CERT"] || process.env.UPTIME_KUMA_DB_SSL_CERT || process.env.MARIADB_SSL_CERT || undefined;
+const mariaDbUseSSL = mariaDbSslCert ? "true" : "false";
+
 /**
 * Get the local WebSocket URL
 * @returns {string} The local WebSocket URL
@@ -43,4 +47,6 @@ module.exports = {
 isSSL,
 localWebSocketURL,
 demoMode,
+ mariaDbSslCert,
+ mariaDbUseSSL
 };
diff --git a/server/database.js b/server/database.js
index 3b7646de8..55141faee 100644
--- a/server/database.js
+++ b/server/database.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const fs = require("fs");
 const { R } = require("redbean-node");
 const { setSetting, setting } = require("./util-server");
@@ -11,6 +12,7 @@ const { UptimeCalculator } = require("./uptime-calculator");
 const dayjs = require("dayjs");
 const { SimpleMigrationServer } = require("./utils/simple-migration-server");
 const KumaColumnCompiler = require("./utils/knex/lib/dialects/mysql2/schema/mysql2-columncompiler");
+const { mariaDbSslCert, mariaDbUseSSL } = require("./config");
 /**
 * Database & App Data Folder
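Review bot: `mariaDbUseSSL` in the config.js @@ -19 hunk is assigned the strings "true"/"false", so it is always truthy, and the `if (mariaDbUseSSL)` guards this same patch adds to database.js and setup-database.js run even when no certificate is configured, which makes `fs.readFileSync(mariaDbSslCert, "utf8")` throw on `undefined` for every MariaDB connection. Export a boolean, `const mariaDbUseSSL = Boolean(mariaDbSslCert);`, or drop the flag and let callers test `mariaDbSslCert` directly. The `args["UPTIME_KUMA_DB_SSL_CERT"]` lookup also uses the environment-variable spelling as a CLI argument key, unlike the kebab-case `args["ssl-key-passphrase"]` visible in the hunk header; presumably a kebab-case flag was intended.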
@@ -259,11 +261,22 @@ class Database {
 throw Error("Invalid database name. A database name can only consist of letters, numbers and underscores");
 }
+ let sslConfig = null;
+ let serverCa = undefined;
+ if (mariaDbUseSSL) {
+ serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
+ sslConfig = {
+ rejectUnauthorized: true,
+ ca: serverCa
+ };
+ }
+
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
 user: dbConfig.username,
 password: dbConfig.password,
+ ssl: sslConfig
 });
 await connection.execute("CREATE DATABASE IF NOT EXISTS " + dbConfig.dbName + " CHARACTER SET utf8mb4");
@@ -278,6 +291,7 @@ class Database {
 password: dbConfig.password,
 database: dbConfig.dbName,
 timezone: "Z",
+ ssl: sslConfig,
 typeCast: function (field, next) {
 if (field.type === "DATETIME") {
 // Do not perform timezone conversion
diff --git a/server/setup-database.js b/server/setup-database.js
index 483f2c9a4..a73e28596 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -1,3 +1,4 @@
+/* eslint-disable linebreak-style */
 const express = require("express");
 const { log } = require("../src/util");
 const expressStaticGzip = require("express-static-gzip");
@@ -6,6 +7,7 @@ const path = require("path");
 const Database = require("./database");
 const { allowDevAllOrigin } = require("./util-server");
 const mysql = require("mysql2/promise");
+const { mariaDbUseSSL, mariaDbSslCert } = require("./config");
 /**
 * A standalone express app that is used to setup a database
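Review bot: The ten added lines that build `sslConfig` in the database.js @@ -259 hunk are repeated verbatim in the setup-database.js @@ -208 hunk of this patch, and both sites must stay in lockstep (they already drift in later patches of the series). Expose one helper on `Database`, e.g. `static buildSslConfig(caFilePath)` returning `{ rejectUnauthorized: true, ca: [ fs.readFileSync(caFilePath, "utf8") ] }` or `null`, and call it from both places. Within the block, `let serverCa = undefined;` is a `let` initialised to nothing and only assigned once; declaring it `const` inside the `if` reads more clearly. The enclosing method starts and ends outside the hunk.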
@@ -208,11 +210,22 @@ class SetupDatabase {
 // Test connection
 try {
+ let sslConfig = null;
+ let serverCa = undefined;
+ if (mariaDbUseSSL) {
+ serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
+ sslConfig = {
+ rejectUnauthorized: true,
+ ca: serverCa
+ };
+ }
+
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
 user: dbConfig.username,
 password: dbConfig.password,
+ ssl: sslConfig
 });
 await connection.execute("SELECT 1");
 connection.end();
From 98ba019cf08b3e46316763c5cefba35112131d6e Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 29 Nov 2024 11:42:06 +0100
Subject: [PATCH 02/14] Fix always true if condition
---
 server/database.js | 2 +-
 server/setup-database.js | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/server/database.js b/server/database.js
index 55141faee..a452bfed1 100644
--- a/server/database.js
+++ b/server/database.js
@@ -263,7 +263,7 @@ class Database {
 let sslConfig = null;
 let serverCa = undefined;
- if (mariaDbUseSSL) {
+ if (mariaDbUseSSL === true) {
 serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
 sslConfig = {
 rejectUnauthorized: true,
diff --git a/server/setup-database.js b/server/setup-database.js
index a73e28596..dc8486b8b 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -207,19 +207,17 @@ class SetupDatabase {
 this.runningSetup = false;
 return;
 }
-
 // Test connection
 try {
 let sslConfig = null;
 let serverCa = undefined;
- if (mariaDbUseSSL) {
+ if (mariaDbUseSSL === true) {
 serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
 sslConfig = {
 rejectUnauthorized: true,
 ca: serverCa
 };
 }
-
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
From 69896a7299a72f734ef0b719b335358f25d392f9 Mon Sep 17 00:00:00 2001
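Review bot: `if (mariaDbUseSSL === true)` in the patch 02 database.js @@ -263 hunk can never hold, because config.js (patch 01 of this series) exports `mariaDbUseSSL` as the string "true" or "false"; the patch turns an always-taken branch into a never-taken one, so a configured CA file is silently ignored and the connection is made without TLS. The setup-database.js @@ -207 hunk has the same problem. Compare against the actual value, `if (mariaDbUseSSL === "true") {`, or preferably make the exported flag a boolean so strict equality works. Both enclosing functions start and end outside the hunks.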
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 11:43:25 +0100
Subject: [PATCH 03/14] Rename the UPTIME_KUMA_DB_SSL_CERT environment variable to a more expressive name
---
 server/config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/config.js b/server/config.js
index ce1e35293..e94804b63 100644
--- a/server/config.js
+++ b/server/config.js
@@ -20,7 +20,7 @@ const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_S
 const isSSL = sslKey && sslCert;
-const mariaDbSslCert = args["UPTIME_KUMA_DB_SSL_CERT"] || process.env.UPTIME_KUMA_DB_SSL_CERT || process.env.MARIADB_SSL_CERT || undefined;
+const mariaDbSslCert = args["UPTIME_KUMA_DB_SSL_CERT"] || process.env.UPTIME_KUMA_DB_CA_CERT || process.env.MARIADB_SSL_CERT || undefined;
 const mariaDbUseSSL = mariaDbSslCert ? "true" : "false";
 /**
From 0943e5d35407433d08cbfbd5af6838bd479864aa Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 11:43:43 +0100
Subject: [PATCH 04/14] Remove unused config
---
 server/database.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/server/database.js b/server/database.js
index a452bfed1..26a46cf2b 100644
--- a/server/database.js
+++ b/server/database.js
@@ -12,7 +12,6 @@ const { UptimeCalculator } = require("./uptime-calculator");
 const dayjs = require("dayjs");
 const { SimpleMigrationServer } = require("./utils/simple-migration-server");
 const KumaColumnCompiler = require("./utils/knex/lib/dialects/mysql2/schema/mysql2-columncompiler");
-const { mariaDbSslCert, mariaDbUseSSL } = require("./config");
 /**
 * Database & App Data Folder
@@ -186,10 +185,18 @@ class Database {
 /**
 * @typedef {string|undefined} envString
- * @param {{type: "sqlite"} | {type:envString, hostname:envString, port:envString, database:envString, username:envString, password:envString}} dbConfig the database configuration that should be written
+ * @param {{type: "sqlite"} | {type:envString, hostname:envString, port:envString, database:envString, username:envString, password:envString, caFilePath:envString}} dbConfig the database configuration that should be written
 * @returns {void}
 */
 static writeDBConfig(dbConfig) {
+ // Move CA file to the data directory
+ if (dbConfig.caFilePath) {
+ const dataCaFilePath = path.join(Database.dataDir, "mariadb-ca.pem");
+ fs.renameSync(dbConfig.caFilePath, dataCaFilePath);
+ dbConfig.caFilePath = dataCaFilePath;
+ dbConfig.ssl = undefined;
+ dbConfig.caFile = undefined;
+ }
 fs.writeFileSync(path.join(Database.dataDir, "db-config.json"), JSON.stringify(dbConfig, null, 4));
 }
@@ -263,8 +270,8 @@ class Database {
 let sslConfig = null;
 let serverCa = undefined;
- if (mariaDbUseSSL === true) {
- serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
+ if (dbConfig.caFilePath) {
+ serverCa = [ fs.readFileSync(dbConfig.caFilePath, "utf8") ];
 sslConfig = {
 rejectUnauthorized: true,
 ca: serverCa
@@ -290,8 +297,9 @@ class Database {
 user: dbConfig.username,
 password: dbConfig.password,
 database: dbConfig.dbName,
- timezone: "Z",
 ssl: sslConfig,
+ timezone: "Z",
+ //ssl: sslConfig,
 typeCast: function (field, next) {
 if (field.type === "DATETIME") {
 // Do not perform timezone conversion
From bef4479976b730eeb295e77b3a4b004230745f78 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 11:44:24 +0100
Subject: [PATCH 05/14] Add CA file upload to the maria db ui
---
 src/lang/en.json | 1 +
 src/pages/SetupDatabase.vue | 32 +++++++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
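Review bot: `fs.renameSync(dbConfig.caFilePath, dataCaFilePath)` in `writeDBConfig` moves the source file instead of importing a copy: when `caFilePath` names an operator-provided certificate (the `dbConfig.caFilePath = process.env.UPTIME_KUMA_DB_CA_CERT` line added to setup-database.js in patch 06 of this series) the original disappears from where the operator mounted it, and a rename fails with EXDEV whenever the source sits on a different filesystem from `Database.dataDir`, which a temp directory commonly does. Use `fs.copyFileSync(dbConfig.caFilePath, dataCaFilePath);` and leave removing any temp file to the code that created it. Clearing `dbConfig.ssl` and `dbConfig.caFile` before `JSON.stringify` correctly keeps the certificate payload out of db-config.json, but the JSDoc `@param` does not mention that the function mutates its argument; a line such as `* Side effect: rewrites dbConfig.caFilePath to the data-directory copy and strips caFile/ssl before persisting` would make that visible. In the @@ -290 hunk the added `//ssl: sslConfig,` is commented-out code next to the live `ssl: sslConfig,` and should be deleted rather than committed.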
diff --git a/src/lang/en.json b/src/lang/en.json
index e215f1031..cdea2ad9d 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
@@ -6,6 +6,7 @@
 "setupDatabaseSQLite": "A simple database file, recommended for small-scale deployments. Prior to v2.0.0, Uptime Kuma used SQLite as the default database.",
 "settingUpDatabaseMSG": "Setting up the database. It may take a while, please be patient.",
 "dbName": "Database Name",
+ "caFile": "Database CA certificate",
 "Settings": "Settings",
 "Dashboard": "Dashboard",
 "Help": "Help",
diff --git a/src/pages/SetupDatabase.vue b/src/pages/SetupDatabase.vue
index 81738a98b..c7fef2c8c 100644
--- a/src/pages/SetupDatabase.vue
+++ b/src/pages/SetupDatabase.vue
@@ -90,8 +90,12 @@
 <input id="floatingInput" v-model="dbConfig.dbName" type="text" class="form-control" required>
 <label for="floatingInput">{{ $t("dbName") }}</label>
 </div>
- </template>
+ <div class="mb2 mt-3 short">
+ <label for="caInput" class="mb-2">{{ $t("caFile") }}</label>
+ <input id="caInput" type="file" accept="application/x-pem-file, .pem" class="form-control" @change="onCaFileChange">
+ </div>
+ </template>
 <button class="btn btn-primary mt-4 short" type="submit" :disabled="disabledButton">
 {{ $t("Next") }}
 </button>
@@ -117,6 +121,7 @@ export default {
 username: "",
 password: "",
 dbName: "kuma",
+ caFile: ""
 },
 info: {
 needSetup: false,
@@ -178,6 +183,15 @@ export default {
 }
 },
+ onCaFileChange(e) {
+ const fileReader = new FileReader();
+ fileReader.onload = () => {
+ this.dbConfig.caFile = fileReader.result;
+ console.log(this.dbConfig.caFile);
+ };
+ fileReader.readAsDataURL(e.target.files[0]);
+ },
+
 test() {
 this.$root.toastError("not implemented");
 }
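Review bot: `onCaFileChange` in the SetupDatabase.vue @@ -178 hunk dereferences `e.target.files[0]` without checking that a file is present, so clearing the picker (which also fires `change`, with an empty list) makes `readAsDataURL(undefined)` throw a TypeError and leaves the previously read certificate in `dbConfig.caFile`; the `console.log` also prints the whole certificate to the browser console on every change. Guard the empty selection, reset `caFile` in that case, and drop the log. Reading the file as a data URL additionally means the server has to strip a `data:<mime>;base64,` header whose MIME part is whatever type the browser guesses for a `.pem` file, so the server-side strip must not assume one fixed type (or the page could send the PEM text via `readAsText`, which is what the server ultimately writes to disk).
```javascript
onCaFileChange(e) {
    const file = e.target.files[0];
    if (!file) {
        // Selection cleared: forget any certificate read earlier
        this.dbConfig.caFile = "";
        return;
    }
    const fileReader = new FileReader();
    fileReader.onload = () => {
        this.dbConfig.caFile = fileReader.result;
    };
    fileReader.readAsDataURL(file);
},
```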
@@ -186,6 +200,22 @@ export default {
 </script>
 <style lang="scss" scoped>
+@import "../assets/vars.scss";
+
+.dark {
+ #caInput {
+ &::file-selector-button {
+ color: $primary;
+ background-color: $dark-bg;
+ }
+
+ &:hover:not(:disabled):not([readonly])::file-selector-button {
+ color: $dark-font-color2;
+ background-color: $primary;
+ }
+ }
+}
+
 .form-container {
 display: flex;
 align-items: center;
From e73c87cfae25285d6204e31daf6f81e493a24afe Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 11:45:41 +0100
Subject: [PATCH 06/14] Add support for a user provided CA file to connect to maria/mysql
---
 server/setup-database.js | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/server/setup-database.js b/server/setup-database.js
index dc8486b8b..efd19f917 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -79,6 +80,7 @@ class SetupDatabase {
 dbConfig.dbName = process.env.UPTIME_KUMA_DB_NAME;
 dbConfig.username = process.env.UPTIME_KUMA_DB_USERNAME;
 dbConfig.password = process.env.UPTIME_KUMA_DB_PASSWORD;
+ dbConfig.caFilePath = process.env.UPTIME_KUMA_DB_CA_CERT;
 Database.writeDBConfig(dbConfig);
 }
@@ -207,17 +208,44 @@ class SetupDatabase {
 this.runningSetup = false;
 return;
 }
+
+ if (dbConfig.caFile) {
+ const base64Data = dbConfig.caFile.replace(/^data:application\/octet-stream;base64,/, "");
+ console.log(dbConfig);
+ console.log(base64Data);
+ console.log(dbConfig.caFile);
+ const binaryData = Buffer.from(base64Data, "base64").toString("binary");
+ const tempCaDirectory = fs.mkdtempSync("kuma-ca-");
+ dbConfig.caFilePath = path.join(tempCaDirectory, "ca.pem");
+ try {
+ fs.writeFileSync(dbConfig.caFilePath, binaryData, "binary");
+ } catch (err) {
+
+ response.status(400).json("Cannot write CA file: " + err.message);
+ this.runningSetup = false;
+ return;
+ }
+ dbConfig.ssl = {
+ rejectUnauthorized: true,
+ ca: [ fs.readFileSync(dbConfig.caFilePath) ]
+ };
+ }
+
 // Test connection
 try {
 let sslConfig = null;
 let serverCa = undefined;
- if (mariaDbUseSSL === true) {
+ if (mariaDbUseSSL === true && !dbConfig.ssl) {
+ dbConfig.caFilePath = mariaDbSslCert;
 serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
 sslConfig = {
 rejectUnauthorized: true,
 ca: serverCa
 };
+ } else if (dbConfig.ssl) {
+ sslConfig = dbConfig.ssl;
 }
+
 const connection = await mysql.createConnection({
 host: dbConfig.hostname,
 port: dbConfig.port,
From 647ca7c7a93bbe0f4c904d5f914d4da58a905a88 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 12:01:27 +0100
Subject: [PATCH 07/14] Rename the translation variable for the maria db CA file and add more details on it's use
---
 src/lang/en.json | 2 +-
 src/pages/SetupDatabase.vue | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lang/en.json b/src/lang/en.json
index cdea2ad9d..464e89abe 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
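Review bot: The data-URL header stripped on the second added line is hard-wired to `application/octet-stream`, but `readAsDataURL` in the Vue page prefixes the payload with whatever MIME type the browser assigns the chosen `.pem` file (frequently a certificate type rather than octet-stream); in that case the entire `data:...;base64,` header is base64-decoded into ca.pem, and with `rejectUnauthorized: true` every connection then fails against a garbage trust anchor. Strip any data-URL header with `/^data:[^,]*;base64,/`, keep the decoded `Buffer` instead of round-tripping it through a "binary" string only to read the file back for `ca`, and reject payloads that contain no `-----BEGIN CERTIFICATE-----` block before anything is written to disk. `fs.mkdtempSync("kuma-ca-")` creates the directory relative to the process working directory and it is never removed on the error path; `path.join(os.tmpdir(), "kuma-ca-")` is the usual prefix, which needs `const os = require("os");` at the top of the file and a copy rather than a rename when `writeDBConfig` later imports the file into the data directory, since a temp filesystem can differ from it. The three `console.log` calls print the password and the certificate to the server log (they are removed later in the series). The enclosing handler starts and ends outside the hunk.
```javascript
if (dbConfig.caFile) {
    // readAsDataURL prefixes the payload with whatever MIME type the browser picked; accept any of them
    const base64Data = dbConfig.caFile.replace(/^data:[^,]*;base64,/, "");
    const caPem = Buffer.from(base64Data, "base64");
    if (!caPem.includes("-----BEGIN CERTIFICATE-----")) {
        response.status(400).json("CA file is not a PEM encoded certificate");
        this.runningSetup = false;
        return;
    }
    const tempCaDirectory = fs.mkdtempSync(path.join(os.tmpdir(), "kuma-ca-"));
    dbConfig.caFilePath = path.join(tempCaDirectory, "ca.pem");
    try {
        fs.writeFileSync(dbConfig.caFilePath, caPem);
    } catch (err) {
        fs.rmSync(tempCaDirectory, { recursive: true, force: true });
        response.status(400).json("Cannot write CA file: " + err.message);
        this.runningSetup = false;
        return;
    }
    dbConfig.ssl = {
        rejectUnauthorized: true,
        ca: [ caPem ]
    };
}
// … unchanged: connection test …
```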
@@ -4,9 +4,9 @@
 "setupDatabaseEmbeddedMariaDB": "You don't need to set anything. This docker image has embedded and configured MariaDB for you automatically. Uptime Kuma will connect to this database via unix socket.",
 "setupDatabaseMariaDB": "Connect to an external MariaDB database. You need to set the database connection information.",
 "setupDatabaseSQLite": "A simple database file, recommended for small-scale deployments. Prior to v2.0.0, Uptime Kuma used SQLite as the default database.",
+ "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on, such as Azure MySql flexible servers. \n You can upload the CA file that will be used to enable a secure connecti",
 "settingUpDatabaseMSG": "Setting up the database. It may take a while, please be patient.",
 "dbName": "Database Name",
- "caFile": "Database CA certificate",
 "Settings": "Settings",
 "Dashboard": "Dashboard",
 "Help": "Help",
diff --git a/src/pages/SetupDatabase.vue b/src/pages/SetupDatabase.vue
index c7fef2c8c..9b1a36610 100644
--- a/src/pages/SetupDatabase.vue
+++ b/src/pages/SetupDatabase.vue
@@ -92,7 +92,7 @@
 </div>
 <div class="mb2 mt-3 short">
- <label for="caInput" class="mb-2">{{ $t("caFile") }}</label>
+ <p class="mb-2">{{ $t("configureMariaCaFile") }}</p>
 <input id="caInput" type="file" accept="application/x-pem-file, .pem" class="form-control" @change="onCaFileChange">
 </div>
 </template>
From a688239bb270139c5d43fb18f6e8086ace826582 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:07:03 +0100
Subject: [PATCH 08/14] Fix typo
---
 src/lang/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lang/en.json b/src/lang/en.json
index 464e89abe..0fa0872b8 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
@@ -4,7 +4,7 @@
 "setupDatabaseEmbeddedMariaDB": "You don't need to set anything. This docker image has embedded and configured MariaDB for you automatically. Uptime Kuma will connect to this database via unix socket.",
 "setupDatabaseMariaDB": "Connect to an external MariaDB database. You need to set the database connection information.",
 "setupDatabaseSQLite": "A simple database file, recommended for small-scale deployments. Prior to v2.0.0, Uptime Kuma used SQLite as the default database.",
- "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on, such as Azure MySql flexible servers. \n You can upload the CA file that will be used to enable a secure connecti",
+ "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on, such as Azure MySql flexible servers. \n You can upload the CA file that will be used to enable a secure connection.",
 "settingUpDatabaseMSG": "Setting up the database. It may take a while, please be patient.",
 "dbName": "Database Name",
 "Settings": "Settings",
From 8b1556b0c78caab9d759d79ae0adf979f666c134 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:12:50 +0100
Subject: [PATCH 09/14] Fix another typo
---
 src/lang/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lang/en.json b/src/lang/en.json
index 0fa0872b8..1c92ebbb7 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
@@ -4,7 +4,7 @@
 "setupDatabaseEmbeddedMariaDB": "You don't need to set anything. This docker image has embedded and configured MariaDB for you automatically. Uptime Kuma will connect to this database via unix socket.",
 "setupDatabaseMariaDB": "Connect to an external MariaDB database. You need to set the database connection information.",
 "setupDatabaseSQLite": "A simple database file, recommended for small-scale deployments. Prior to v2.0.0, Uptime Kuma used SQLite as the default database.",
- "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on, such as Azure MySql flexible servers. \n You can upload the CA file that will be used to enable a secure connection.",
+ "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on. Such as when using Azure MySql flexible servers. You can upload the CA file that will be used to enable a secure connection.",
 "settingUpDatabaseMSG": "Setting up the database. It may take a while, please be patient.",
 "dbName": "Database Name",
 "Settings": "Settings",
From ee6e13040301ecc89968db5f2e78d335904eb332 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:22:30 +0100
Subject: [PATCH 10/14] Remove unused variable
---
 server/config.js | 5 -----
 server/setup-database.js | 11 +----------
 2 files changed, 1 insertion(+), 15 deletions(-)
diff --git a/server/config.js b/server/config.js
index e94804b63..17fad15dd 100644
--- a/server/config.js
+++ b/server/config.js
@@ -20,9 +20,6 @@ const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_S
 const isSSL = sslKey && sslCert;
-const mariaDbSslCert = args["UPTIME_KUMA_DB_SSL_CERT"] || process.env.UPTIME_KUMA_DB_CA_CERT || process.env.MARIADB_SSL_CERT || undefined;
-const mariaDbUseSSL = mariaDbSslCert ? "true" : "false";
-
 /**
 * Get the local WebSocket URL
 * @returns {string} The local WebSocket URL
@@ -47,6 +44,4 @@ module.exports = {
 isSSL,
 localWebSocketURL,
 demoMode,
- mariaDbSslCert,
- mariaDbUseSSL
 };
diff --git a/server/setup-database.js b/server/setup-database.js
index efd19f917..f99167802 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -7,7 +7,6 @@ const path = require("path");
 const Database = require("./database");
 const { allowDevAllOrigin } = require("./util-server");
 const mysql = require("mysql2/promise");
-const { mariaDbUseSSL, mariaDbSslCert } = require("./config");
 /**
 * A standalone express app that is used to setup a database
@@ -234,15 +233,7 @@ class SetupDatabase {
 // Test connection
 try {
 let sslConfig = null;
- let serverCa = undefined;
- if (mariaDbUseSSL === true && !dbConfig.ssl) {
- dbConfig.caFilePath = mariaDbSslCert;
- serverCa = [ fs.readFileSync(mariaDbSslCert, "utf8") ];
- sslConfig = {
- rejectUnauthorized: true,
- ca: serverCa
- };
- } else if (dbConfig.ssl) {
+ if (dbConfig.ssl) {
 sslConfig = dbConfig.ssl;
 }
From 30693392e05e139e7b9c7dd31998768d7b232c65 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:33:37 +0100
Subject: [PATCH 11/14] Remove linter comments automatically added by editor
---
 server/config.js | 1 -
 server/database.js | 1 -
 server/setup-database.js | 1 -
 3 files changed, 3 deletions(-)
diff --git a/server/config.js b/server/config.js
index 17fad15dd..515b90465 100644
--- a/server/config.js
+++ b/server/config.js
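Review bot: With the environment-variable branch gone, what is left in the setup-database.js @@ -234 hunk, `let sslConfig = null;` followed by `if (dbConfig.ssl) { sslConfig = dbConfig.ssl; }`, is a three-line spelling of a single expression; `const sslConfig = dbConfig.ssl || null;` keeps the same null fallback and lets the binding be `const`. A short comment on that line, `// ssl is only set by the caFile branch above; null disables TLS`, would also record where the value is expected to come from, since after this patch nothing in the function derives it from server configuration any more. The enclosing handler starts and ends outside the hunk.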
@@ -1,4 +1,3 @@
-/* eslint-disable linebreak-style */
 const isFreeBSD = /^freebsd/.test(process.platform);
 // Interop with browser
diff --git a/server/database.js b/server/database.js
index 26a46cf2b..44005d6e9 100644
--- a/server/database.js
+++ b/server/database.js
@@ -1,4 +1,3 @@
-/* eslint-disable linebreak-style */
 const fs = require("fs");
 const { R } = require("redbean-node");
 const { setSetting, setting } = require("./util-server");
diff --git a/server/setup-database.js b/server/setup-database.js
index f99167802..7ec9ceb05 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -1,4 +1,3 @@
-/* eslint-disable linebreak-style */
 const express = require("express");
 const { log } = require("../src/util");
 const expressStaticGzip = require("express-static-gzip");
From 9151d991887ca1cae7f1134c62ce4f9c0e7a2a96 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:47:39 +0100
Subject: [PATCH 12/14] Make id kebab-cased
---
 src/pages/SetupDatabase.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pages/SetupDatabase.vue b/src/pages/SetupDatabase.vue
index 9b1a36610..c4906d641 100644
--- a/src/pages/SetupDatabase.vue
+++ b/src/pages/SetupDatabase.vue
@@ -93,7 +93,7 @@
 <div class="mb2 mt-3 short">
 <p class="mb-2">{{ $t("configureMariaCaFile") }}</p>
- <input id="caInput" type="file" accept="application/x-pem-file, .pem" class="form-control" @change="onCaFileChange">
+ <input id="ca-input" type="file" accept="application/x-pem-file, .pem" class="form-control" @change="onCaFileChange">
 </div>
 </template>
 <button class="btn btn-primary mt-4 short" type="submit" :disabled="disabledButton">
@@ -203,7 +203,7 @@ export default {
 @import "../assets/vars.scss";
 .dark {
- #caInput {
+ #ca-input {
 &::file-selector-button {
 color: $primary;
 background-color: $dark-bg;
From aeffe6d5ade8264f876235c6638b1b885401540e Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:50:28 +0100
Subject: [PATCH 13/14] Add check to prevent user-provided `dbConfig.caFilePath`.
---
 server/setup-database.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/server/setup-database.js b/server/setup-database.js
index 7ec9ceb05..d704caac5 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -207,6 +207,11 @@ class SetupDatabase {
 return;
 }
+ // Prevent someone from injecting a CA file path not generated by the code below
+ if (dbConfig.caFilePath) {
+ dbConfig.caFilePath = undefined;
+ }
+
 if (dbConfig.caFile) {
 const base64Data = dbConfig.caFile.replace(/^data:application\/octet-stream;base64,/, "");
 console.log(dbConfig);
From 69c779b382c96e60cb494e117548b3a7a86ad600 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Fri, 6 Dec 2024 13:58:21 +0100
Subject: [PATCH 14/14] Remove leftover logging from debugging
---
 server/setup-database.js | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/server/setup-database.js b/server/setup-database.js
index d704caac5..ddf664a19 100644
--- a/server/setup-database.js
+++ b/server/setup-database.js
@@ -214,9 +214,6 @@ class SetupDatabase {
 if (dbConfig.caFile) {
 const base64Data = dbConfig.caFile.replace(/^data:application\/octet-stream;base64,/, "");
- console.log(dbConfig);
- console.log(base64Data);
- console.log(dbConfig.caFile);
 const binaryData = Buffer.from(base64Data, "base64").toString("binary");
 const tempCaDirectory = fs.mkdtempSync("kuma-ca-");
 dbConfig.caFilePath = path.join(tempCaDirectory, "ca.pem");
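Review bot: The guard added in the patch 13 @@ -207 hunk resets `caFilePath` but not `dbConfig.ssl`, and `ssl` is the field the connection test further down actually consumes (`if (dbConfig.ssl) { sslConfig = dbConfig.ssl; }` after patch 10 of this series): when no `caFile` is uploaded, an `ssl` member already present in the incoming `dbConfig` is handed unchanged to `mysql.createConnection`, so if `dbConfig` is the parsed request body (its origin is outside the hunk) the client rather than the server decides TLS options such as `rejectUnauthorized`. Clear both fields unconditionally, `dbConfig.caFilePath = undefined;` and `dbConfig.ssl = undefined;`; the `if` wrapper adds nothing, since assigning `undefined` to an absent property is harmless. The comment could then read `// Only the code below may set caFilePath/ssl; discard any values carried by the request`. The enclosing handler starts and ends outside the hunk.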