feat: check runner token

Jason Song 2022-11-15 11:56:58 +08:00
parent 9c6476754d
commit 94241daaaa


@ -6,6 +6,7 @@ package runner
import ( import (
"context" "context"
"crypto/subtle"
"strings" "strings"
bots_model "code.gitea.io/gitea/models/bots" bots_model "code.gitea.io/gitea/models/bots"
@ -21,6 +22,7 @@ import (
const ( const (
runnerOnlineTimeDeltaSecs = 30 runnerOnlineTimeDeltaSecs = 30
uuidHeaderKey = "x-runner-uuid" uuidHeaderKey = "x-runner-uuid"
tokenHeaderKey = "x-runner-token"
) )
var WithRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unaryFunc connect.UnaryFunc) connect.UnaryFunc { var WithRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unaryFunc connect.UnaryFunc) connect.UnaryFunc {
@ -29,6 +31,7 @@ var WithRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unar
return unaryFunc(ctx, request) return unaryFunc(ctx, request)
} }
uuid := request.Header().Get(uuidHeaderKey) uuid := request.Header().Get(uuidHeaderKey)
token := request.Header().Get(tokenHeaderKey)
runner, err := bots_model.GetRunnerByUUID(uuid) runner, err := bots_model.GetRunnerByUUID(uuid)
if err != nil { if err != nil {
if _, ok := err.(bots_model.ErrRunnerNotExist); ok { if _, ok := err.(bots_model.ErrRunnerNotExist); ok {
@ -36,6 +39,9 @@ var WithRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unar
} }
return nil, status.Error(codes.Internal, err.Error()) return nil, status.Error(codes.Internal, err.Error())
} }
if subtle.ConstantTimeCompare([]byte(token), []byte(runner.Token)) != 1 {
return nil, status.Error(codes.Unauthenticated, "unregistered runner")
}
// update runner online status // update runner online status
if runner.Status == runnerv1.RunnerStatus_RUNNER_STATUS_OFFLINE { if runner.Status == runnerv1.RunnerStatus_RUNNER_STATUS_OFFLINE {