From 57e851d8a9e7afffe4fb263e232837d2b30107a2 Mon Sep 17 00:00:00 2001 From: Louis Dureuil Date: Thu, 22 Dec 2022 11:57:44 +0100 Subject: [PATCH] Check for key length --- meilisearch/src/main.rs | 63 +++++++++++++++++++++++++++++++---------- 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/meilisearch/src/main.rs b/meilisearch/src/main.rs index 50575cbbf..01aeae457 100644 --- a/meilisearch/src/main.rs +++ b/meilisearch/src/main.rs @@ -8,7 +8,7 @@ use actix_web::HttpServer; use index_scheduler::IndexScheduler; use meilisearch::analytics::Analytics; use meilisearch::{analytics, create_app, setup_meilisearch, Opt}; -use meilisearch_auth::AuthController; +use meilisearch_auth::{generate_master_key, AuthController, MASTER_KEY_MIN_SIZE}; #[global_allocator] static ALLOC: mimalloc::MiMalloc = mimalloc::MiMalloc; @@ -33,16 +33,32 @@ async fn main() -> anyhow::Result<()> { setup(&opt)?; - match opt.env.as_ref() { - "production" => { - if opt.master_key.is_none() { - anyhow::bail!( - "In production mode, the environment variable MEILI_MASTER_KEY is mandatory" - ) - } + + match (opt.env.as_ref(), &opt.master_key) { + ("production", Some(master_key)) if master_key.len() < MASTER_KEY_MIN_SIZE => { + anyhow::bail!( + "In production mode, the Master Key must be of at least {MASTER_KEY_MIN_SIZE} characters, but the provided key is only {} characters long + +We generated a secure Master Key for you (you can safely copy this token): + +>> export MEILI_MASTER_KEY={} <<", + master_key.len(), + generate_master_key(), + ) } - "development" => (), - _ => unreachable!(), + ("production", None) => { + anyhow::bail!( + "In production mode, the environment variable MEILI_MASTER_KEY is mandatory + +We generated a secure Master Key for you (you can safely copy this token): + +>> export MEILI_MASTER_KEY={} << +", + generate_master_key() + ) + } + // No error; continue + _ => (), } let (index_scheduler, auth_controller) = setup_meilisearch(&opt)?; @@ -151,11 +167,28 @@ Anonymous telemetry:\t\"Enabled\"" eprintln!(); - if opt.master_key.is_some() { - eprintln!("A Master Key has been set. Requests to Meilisearch won't be authorized unless you provide an authentication key."); - } else { - eprintln!("No master key found; The server will accept unidentified requests. \ - If you need some protection in development mode, please export a key: export MEILI_MASTER_KEY=xxx"); + match (opt.env.as_ref(), &opt.master_key) { + ("production", Some(_)) => { + eprintln!("A Master Key has been set. Requests to Meilisearch won't be authorized unless you provide an authentication key."); + } + ("development", Some(master_key)) => { + eprintln!("A Master Key has been set. Requests to Meilisearch won't be authorized unless you provide an authentication key."); + + if master_key.len() < MASTER_KEY_MIN_SIZE { + eprintln!(); + log::warn!( + "The provided Master Key is too short (< {MASTER_KEY_MIN_SIZE} characters)" + ); + eprintln!("A Master Key of at least {MASTER_KEY_MIN_SIZE} characters will be required when switching to the production environment."); + } + } + ("development", None) => { + log::warn!("No master key found; The server will accept unidentified requests"); + eprintln!("If you need some protection in development mode, please export a key:\n\nexport MEILI_MASTER_KEY={}", generate_master_key()); + eprintln!("\nA Master Key of at least {MASTER_KEY_MIN_SIZE} characters will be required when switching to the production environment."); + } + // unreachable because Opt::try_build above would have failed already if any other value had been produced + _ => unreachable!(), } eprintln!();