Mercurial > p > roundup > code
view website/issues/detectors/patches.py @ 7809:be6cb2e0d471
feat: add support for rotating jwt keys
This allows jwt_secret to have multiple ',' separated secrets. The
first/leftmost should be used to sign new JWTs. All of them are used
(starting from left/newest) to try to verify a JWT.
If the first secret is < 32 chars in length JWTs are disabled. If any
of the other secrets are < 32 chars, the configuration code causes the
software to exit. This prevents insecure (too short) secrets from
being used.
Updated doc examples and tests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 14 Mar 2024 19:04:19 -0400 |
| parents | 0942fe89e82e |
| children |
line wrap: on
line source
# Auditor for patch files # Patches should be declared as text/plain (also .py files), # independent of what the browser says, and # the "patch" keyword should get set automatically. import posixpath patchtypes = ('.diff', '.patch') sourcetypes = ('.diff', '.patch', '.py') def ispatch(file, types): return posixpath.splitext(file)[1] in types def patches_text_plain(db, cl, nodeid, newvalues): if ispatch(newvalues['name'], sourcetypes): newvalues['type'] = 'text/plain' def patches_keyword(db, cl, nodeid, newvalues): # Check whether there are any new files newfiles = set(newvalues.get('files',())) if nodeid: newfiles -= set(db.issue.get(nodeid, 'files')) # Check whether any of these is a patch newpatch = False for fileid in newfiles: if ispatch(db.file.get(fileid, 'name'), patchtypes): newpatch = True break if newpatch: # Add the patch keyword if its not already there patchid = db.keyword.lookup("patch") oldkeywords = [] if nodeid: oldkeywords = db.issue.get(nodeid, 'keywords') if patchid in oldkeywords: # This is already marked as a patch return if 'keywords' not in newvalues: newvalues['keywords'] = oldkeywords newvalues['keywords'].append(patchid) def init(db): db.file.audit('create', patches_text_plain) db.issue.audit('create', patches_keyword) db.issue.audit('set', patches_keyword)