Security: Update default config values to use HTTPS for the site URL

Signed-off-by: Michael Mayer <michael@photoprism.app>
Michael Mayer 2022-10-19 20:26:36 +02:00
parent 12ca67effc
commit ebb5646571
7 changed files with 12 additions and 20 deletions


@ -382,10 +382,10 @@ func (c *Config) StaticUri() string {
return c.CdnUrl(c.BaseUri(StaticUri)) return c.CdnUrl(c.BaseUri(StaticUri))
} }
// SiteUrl returns the public server URL (default is "http://localhost:2342/"). // SiteUrl returns the public server URL (default is "https://photoprism.local:2342/").
func (c *Config) SiteUrl() string { func (c *Config) SiteUrl() string {
if c.options.SiteUrl == "" { if c.options.SiteUrl == "" {
return "http://localhost:2342/" return "https://photoprism.local:2342/"
} }
return strings.TrimRight(c.options.SiteUrl, "/") + "/" return strings.TrimRight(c.options.SiteUrl, "/") + "/"
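Review bot: The new fallback in SiteUrl() hard-codes an `https://` scheme without consulting the TLS state, so when TLS is off (the config exposes `DisableTLS()`) the default would advertise a URL the server presumably does not serve. Values derived from it, such as the SitePreview() default, would carry the same scheme. `photoprism.local` is also an mDNS-style name, so clients need both name resolution and a locally trusted certificate for it; the doc comment should say so, e.g. `// SiteUrl returns the public server URL; the default assumes HTTPS is enabled and that photoprism.local resolves to this host.` The same literal is repeated as the `Value` of the `site-url` flag, so the two defaults have to be kept in sync. The closing brace of SiteUrl lies outside this hunk.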


@ -433,7 +433,7 @@ func TestConfig_ContentUri(t *testing.T) {
func TestConfig_SiteUrl(t *testing.T) { func TestConfig_SiteUrl(t *testing.T) {
c := NewConfig(CliTestContext()) c := NewConfig(CliTestContext())
assert.Equal(t, "http://localhost:2342/", c.SiteUrl()) assert.Equal(t, "https://photoprism.local:2342/", c.SiteUrl())
c.options.SiteUrl = "http://superhost:2342/" c.options.SiteUrl = "http://superhost:2342/"
assert.Equal(t, "http://superhost:2342/", c.SiteUrl()) assert.Equal(t, "http://superhost:2342/", c.SiteUrl())
c.options.SiteUrl = "http://superhost" c.options.SiteUrl = "http://superhost"
@ -443,20 +443,20 @@ func TestConfig_SiteUrl(t *testing.T) {
func TestConfig_SiteDomain(t *testing.T) { func TestConfig_SiteDomain(t *testing.T) {
c := NewConfig(CliTestContext()) c := NewConfig(CliTestContext())
assert.Equal(t, "localhost", c.SiteDomain()) assert.Equal(t, "photoprism.local", c.SiteDomain())
c.options.SiteUrl = "https://foo.bar.com:2342/" c.options.SiteUrl = "https://foo.bar.com:2342/"
assert.Equal(t, "foo.bar.com", c.SiteDomain()) assert.Equal(t, "foo.bar.com", c.SiteDomain())
c.options.SiteUrl = "" c.options.SiteUrl = ""
assert.Equal(t, "localhost", c.SiteDomain()) assert.Equal(t, "photoprism.local", c.SiteDomain())
} }
func TestConfig_SitePreview(t *testing.T) { func TestConfig_SitePreview(t *testing.T) {
c := NewConfig(CliTestContext()) c := NewConfig(CliTestContext())
assert.Equal(t, "http://localhost:2342/static/img/preview.jpg", c.SitePreview()) assert.Equal(t, "https://photoprism.local:2342/static/img/preview.jpg", c.SitePreview())
c.options.SitePreview = "http://preview.jpg" c.options.SitePreview = "http://preview.jpg"
assert.Equal(t, "http://preview.jpg", c.SitePreview()) assert.Equal(t, "http://preview.jpg", c.SitePreview())
c.options.SitePreview = "preview123.jpg" c.options.SitePreview = "preview123.jpg"
assert.Equal(t, "http://localhost:2342/preview123.jpg", c.SitePreview()) assert.Equal(t, "https://photoprism.local:2342/preview123.jpg", c.SitePreview())
} }
func TestConfig_SiteTitle(t *testing.T) { func TestConfig_SiteTitle(t *testing.T) {


@ -59,19 +59,11 @@ func (c *Config) TLSKey() string {
// TLS returns the HTTPS certificate and private key file name. // TLS returns the HTTPS certificate and private key file name.
func (c *Config) TLS() (publicCert, privateKey string) { func (c *Config) TLS() (publicCert, privateKey string) {
privateKey = c.TLSKey() if c.DisableTLS() {
if privateKey == "" {
return "", "" return "", ""
} }
publicCert = c.TLSCert() return c.TLSCert(), c.TLSKey()
if publicCert == "" {
return "", ""
}
return publicCert, privateKey
} }
// DisableTLS checks if HTTPS should be disabled. // DisableTLS checks if HTTPS should be disabled.
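Review bot: TLS() no longer guarantees that certificate and key come back as a pair: `return c.TLSCert(), c.TLSKey()` can yield one empty and one non-empty value unless `DisableTLS()`, whose body is outside this hunk, already excludes that case. The server start-up code in this commit still tests `publicCert != "" && privateKey != ""`, but a caller that checks only one result would continue with an incomplete pair. I would keep the pairing guard by assigning `publicCert, privateKey = c.TLSCert(), c.TLSKey()` and then `if publicCert == "" || privateKey == "" { return "", "" }`. Alternatively, extend the doc comment to state that both results must be checked.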


@ -360,7 +360,7 @@ var Flags = CliFlags{
Flag: cli.StringFlag{ Flag: cli.StringFlag{
Name: "site-url, url", Name: "site-url, url",
Usage: "public site `URL`", Usage: "public site `URL`",
Value: "http://localhost:2342/", Value: "https://photoprism.local:2342/",
EnvVar: "PHOTOPRISM_SITE_URL", EnvVar: "PHOTOPRISM_SITE_URL",
}}, { }}, {
Flag: cli.StringFlag{ Flag: cli.StringFlag{


@ -192,6 +192,7 @@ func NewOptions(ctx *cli.Context) *Options {
func (c *Options) expandFilenames() { func (c *Options) expandFilenames() {
c.ConfigPath = fs.Abs(c.ConfigPath) c.ConfigPath = fs.Abs(c.ConfigPath)
c.StoragePath = fs.Abs(c.StoragePath) c.StoragePath = fs.Abs(c.StoragePath)
c.UsersPath = fs.Abs(c.UsersPath)
c.BackupPath = fs.Abs(c.BackupPath) c.BackupPath = fs.Abs(c.BackupPath)
c.AssetsPath = fs.Abs(c.AssetsPath) c.AssetsPath = fs.Abs(c.AssetsPath)
c.CachePath = fs.Abs(c.CachePath) c.CachePath = fs.Abs(c.CachePath)


@ -117,7 +117,6 @@ func FindUser(find User) *User {
// Find matching record. // Find matching record.
if err := stmt.First(m).Error; err != nil { if err := stmt.First(m).Error; err != nil {
event.AuditErr([]string{"user", "not found", "%s"}, err)
return nil return nil
} }


@ -82,7 +82,7 @@ func Start(ctx context.Context, conf *config.Config) {
log.Infof("server: starting in auto tls mode on %s [%s]", server.Addr, time.Since(start)) log.Infof("server: starting in auto tls mode on %s [%s]", server.Addr, time.Since(start))
go StartAutoTLS(server, tlsManager, conf) go StartAutoTLS(server, tlsManager, conf)
} else if publicCert, privateKey := conf.TLS(); publicCert != "" && privateKey != "" { } else if publicCert, privateKey := conf.TLS(); publicCert != "" && privateKey != "" {
log.Infof("server: starting in manual tls mode") log.Infof("server: starting in tls mode")
server = &http.Server{ server = &http.Server{
Addr: fmt.Sprintf("%s:%d", conf.HttpHost(), conf.HttpPort()), Addr: fmt.Sprintf("%s:%d", conf.HttpHost(), conf.HttpPort()),
Handler: router, Handler: router,