v2.5.0: read quoted main proxy secret

2026-05-19 15:46:02 +00:00 · 2026-04-25 16:45:57 +03:00
parent cae552ec87
commit 5a6bc9f614
2 changed files with 47 additions and 5 deletions
--- a/lib/telemt_config.sh
+++ b/lib/telemt_config.sh
@@ -132,13 +132,24 @@ get_config_value() {
            awk '
                /^\[access\.users\]/ { in_users=1; next }
                /^\[/ && in_users { exit }
-                in_users && $1 == "main" {
+                in_users && /^[[:space:]]*[^#[:space:]][^=]*=/ {
-                    sub(/^[^=]*=[[:space:]]*"/, "")
+                    user_key=$1
-                    sub(/".*$/, "")
+                    gsub(/"/, "", user_key)
-                    print
+                    if (user_key != "main") next
                    value=$0
                    sub(/^[^=]*=[[:space:]]*/, "", value)
                    sub(/^"/, "", value)
                    sub(/".*$/, "", value)
                    gsub(/[[:space:]]/, "", value)
                    if (value != "") {
                        print value
                        found=1
                    }
                    exit
                }
-            ' "$config" | tr -d ' '
+                END { exit found ? 0 : 1 }
            ' "$config"
            ;;
        port)
            # [server] port = 443
--- a/tests/test_admin_features.py
+++ b/tests/test_admin_features.py
@@ -2,6 +2,8 @@ import importlib.util
 import json
 import os
 import re
 import shlex
 import subprocess
 import sys
 import tempfile
 import unittest
@@ -212,6 +214,35 @@ class AdminFeatureTests(unittest.TestCase):
        self.assertIn("clearInterval", app_js)
        self.assertIn(".auto-refresh-toggle", styles)
    def test_get_config_value_secret_accepts_quoted_main_user(self):
        with tempfile.TemporaryDirectory() as raw:
            config = Path(raw) / "config.toml"
            config.write_text(
                "\n".join([
                    "[access.users]",
                    '"main" = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"',
                    '"client" = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"',
                    "",
                ]),
                encoding="utf-8",
            )
            script = "\n".join([
                "set -e",
                f"source {shlex.quote(str(ROOT / 'lib' / 'telemt_config.sh'))}",
                f"get_config_value secret {shlex.quote(str(config))}",
            ])
            result = subprocess.run(
                ["bash", "-lc", script],
                cwd=ROOT,
                text=True,
                capture_output=True,
                check=False,
            )
            self.assertEqual(result.returncode, 0, result.stderr)
            self.assertEqual(result.stdout.strip(), "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
 if __name__ == "__main__":
    unittest.main()