Revert "Add authentication between executor and runtimes"
This reverts commit 9e083791db.
This commit is contained in:
Bradley Schofield
parent
9e083791db
commit
28a9e1e290
1 changed files with 18 additions and 36 deletions
|
|
@ -501,11 +501,6 @@ function createRuntimeServer(string $functionId, string $projectId, Document $ta
|
|||
return;
|
||||
}
|
||||
|
||||
// Generate random secret key
|
||||
$privateKey = openssl_pkey_new(array('private_key_bits' => 2048));
|
||||
$details = openssl_pkey_get_details($privateKey);
|
||||
$publicKey = $details['key'];
|
||||
|
||||
// Check if runtime is active
|
||||
$runtime = (isset($runtimes[$function->getAttribute('runtime', '')]))
|
||||
? $runtimes[$function->getAttribute('runtime', '')]
|
||||
|
|
@ -527,7 +522,6 @@ function createRuntimeServer(string $functionId, string $projectId, Document $ta
|
|||
'APPWRITE_FUNCTION_RUNTIME_NAME' => $runtime['name'],
|
||||
'APPWRITE_FUNCTION_RUNTIME_VERSION' => $runtime['version'],
|
||||
'APPWRITE_FUNCTION_PROJECT_ID' => $projectId,
|
||||
'APPWRITE_INTERNAL_RUNTIME_SECRET' => $publicKey,
|
||||
]);
|
||||
|
||||
$container = 'appwrite-function-' . $tag->getId();
|
||||
|
|
@ -617,7 +611,6 @@ function createRuntimeServer(string $functionId, string $projectId, Document $ta
|
|||
'appwrite-type' => 'function',
|
||||
'appwrite-created' => strval($executionTime),
|
||||
'appwrite-runtime' => $function->getAttribute('runtime', ''),
|
||||
'security-key' => $privateKey,
|
||||
]
|
||||
);
|
||||
|
||||
|
|
@ -645,7 +638,6 @@ function execute(string $trigger, string $projectId, string $executionId, string
|
|||
}
|
||||
|
||||
Authorization::disable();
|
||||
|
||||
// Grab execution document if exists
|
||||
// It it doesn't exist, create a new one.
|
||||
$execution = (!empty($executionId)) ? $database->getDocument($executionId) : $database->createDocument([
|
||||
|
|
@ -661,7 +653,7 @@ function execute(string $trigger, string $projectId, string $executionId, string
|
|||
'exitCode' => 0,
|
||||
'stdout' => '',
|
||||
'stderr' => '',
|
||||
'time' => 0
|
||||
'time' => 0,
|
||||
]);
|
||||
|
||||
if (false === $execution || ($execution instanceof Document && $execution->isEmpty())) {
|
||||
|
|
@ -679,6 +671,22 @@ function execute(string $trigger, string $projectId, string $executionId, string
|
|||
throw new Exception('Runtime "' . $function->getAttribute('runtime', '') . '" is not supported');
|
||||
}
|
||||
|
||||
// Process environment variables
|
||||
$vars = \array_merge($function->getAttribute('vars', []), [
|
||||
'APPWRITE_FUNCTION_ID' => $function->getId(),
|
||||
'APPWRITE_FUNCTION_NAME' => $function->getAttribute('name', ''),
|
||||
'APPWRITE_FUNCTION_TAG' => $tag->getId(),
|
||||
'APPWRITE_FUNCTION_TRIGGER' => $trigger,
|
||||
'APPWRITE_FUNCTION_RUNTIME_NAME' => $runtime['name'],
|
||||
'APPWRITE_FUNCTION_RUNTIME_VERSION' => $runtime['version'],
|
||||
'APPWRITE_FUNCTION_EVENT' => $event,
|
||||
'APPWRITE_FUNCTION_EVENT_DATA' => $eventData,
|
||||
'APPWRITE_FUNCTION_DATA' => $data,
|
||||
'APPWRITE_FUNCTION_USER_ID' => $userId,
|
||||
'APPWRITE_FUNCTION_JWT' => $jwt,
|
||||
'APPWRITE_FUNCTION_PROJECT_ID' => $projectId,
|
||||
]);
|
||||
|
||||
$container = 'appwrite-function-' . $tag->getId();
|
||||
|
||||
// Check if code is built
|
||||
|
|
@ -720,31 +728,6 @@ function execute(string $trigger, string $projectId, string $executionId, string
|
|||
Authorization::enable();
|
||||
}
|
||||
|
||||
// Generate Signed Challenge
|
||||
$internalFunction = $activeFunctions['appwrite-function-' . $tag->getId()];
|
||||
$privateKey = $internalFunction->getLabels()['security-key'];
|
||||
|
||||
$signedChallenge = '';
|
||||
|
||||
\openssl_sign($function->getId(), $signedChallenge, $privateKey, OPENSSL_ALGO_SHA256);
|
||||
$signedChallenge = \base64_encode($signedChallenge);
|
||||
|
||||
// Process environment variables
|
||||
$vars = \array_merge($function->getAttribute('vars', []), [
|
||||
'APPWRITE_FUNCTION_ID' => $function->getId(),
|
||||
'APPWRITE_FUNCTION_NAME' => $function->getAttribute('name', ''),
|
||||
'APPWRITE_FUNCTION_TAG' => $tag->getId(),
|
||||
'APPWRITE_FUNCTION_TRIGGER' => $trigger,
|
||||
'APPWRITE_FUNCTION_RUNTIME_NAME' => $runtime['name'],
|
||||
'APPWRITE_FUNCTION_RUNTIME_VERSION' => $runtime['version'],
|
||||
'APPWRITE_FUNCTION_EVENT' => $event,
|
||||
'APPWRITE_FUNCTION_EVENT_DATA' => $eventData,
|
||||
'APPWRITE_FUNCTION_DATA' => $data,
|
||||
'APPWRITE_FUNCTION_USER_ID' => $userId,
|
||||
'APPWRITE_FUNCTION_JWT' => $jwt,
|
||||
'APPWRITE_FUNCTION_PROJECT_ID' => $projectId
|
||||
]);
|
||||
|
||||
$stdout = '';
|
||||
$stderr = '';
|
||||
|
||||
|
|
@ -781,8 +764,7 @@ function execute(string $trigger, string $projectId, string $executionId, string
|
|||
|
||||
\curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
||||
'Content-Type: application/json',
|
||||
'Content-Length: ' . \strlen($body),
|
||||
'x-internal-challenge: '. $signedChallenge,
|
||||
'Content-Length: ' . \strlen($body)
|
||||
]);
|
||||
|
||||
$executorResponse = \curl_exec($ch);
|
||||
|
|
|
|||
Loading…
Reference in a new issue