mirrors/recycled-ni-neutrino
1
0
Fork 0
mirror of https://github.com/tuxbox-fork-migrations/recycled-ni-neutrino.git synced 2025-08-26 23:13:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

configure.ac: More API key management security and improve backward compatibility

Browse Source 
- GUI management of API keys is now disabled by default for OpenWeather,
 TMDb, OMDb, Shoutcast, and YouTube to enhance security.
 In particular, the risk of accidental activation of GUI-based management
 of API keys should be reduced.
- Introduced warning log messages to inform users about the risks of
 enabling GUI management, which could potentially expose sensitive API
 keys.
- Updated help strings to emphasize safe use of API keys.
- Added notices for users about the possible use of outdated API key
 options.
- Implemented missing backward compatibility for some API option names
 that have changed. This is necessary because build environments
 generated with 'buildenv' do not necessarily adjust automatically to
 the new options. This should prevent the risk of build failures and
 ensure that older configurations remain compatible.

These changes aim to secure configurations better and mitigate the risk
of unintentional exposure of API keys to end users and should avoid build errors.


Origin commit data
------------------
Branch: ni/coolstream
Commit: f46c4177d2
Author: Thilo Graf <dbt@novatux.de>
Date: 2024-05-13 (Mon, 13 May 2024)

Origin message was:
------------------
configure.ac: More API key management security and improve backward compatibility

- GUI management of API keys is now disabled by default for OpenWeather,
 TMDb, OMDb, Shoutcast, and YouTube to enhance security.
 In particular, the risk of accidental activation of GUI-based management
 of API keys should be reduced.
- Introduced warning log messages to inform users about the risks of
 enabling GUI management, which could potentially expose sensitive API
 keys.
- Updated help strings to emphasize safe use of API keys.
- Added notices for users about the possible use of outdated API key
 options.
- Implemented missing backward compatibility for some API option names
 that have changed. This is necessary because build environments
 generated with 'buildenv' do not necessarily adjust automatically to
 the new options. This should prevent the risk of build failures and
 ensure that older configurations remain compatible.

These changes aim to secure configurations better and mitigate the risk
of unintentional exposure of API keys to end users and should avoid build errors.


------------------
This commit was generated by Migit
This commit is contained in:
Thilo Graf
2024-05-13 22:02:13 +02:00
committed by vanhofen
parent 5a516e7778
commit aafe499a69
1 changed files with 205 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

256
configure.ac
View File

@@ -203,96 +203,232 @@ AC_ARG_ENABLE(graphlcd,
AC_DEFINE(ENABLE_GRAPHLCD, 1, [enable GraphLCD support])) AC_DEFINE(ENABLE_GRAPHLCD, 1, [enable GraphLCD support]))
AM_CONDITIONAL(ENABLE_GRAPHLCD, test "$enable_graphlcd" = "yes") AM_CONDITIONAL(ENABLE_GRAPHLCD, test "$enable_graphlcd" = "yes")
# weather ## OpenWeather API key
AC_ARG_WITH(weather-api-key, # Check and configure the OpenWeather API key
AS_HELP_STRING([--with-weather-api-key=KEY], [OpenWeather API key, required for additional weather informations]), AC_MSG_CHECKING([for OpenWeather API key])
AC_ARG_WITH([weather-api-key],
AS_HELP_STRING([--with-weather-api-key=KEY], [Specify the OpenWeather API key for accessing weather information]),
[WEATHER_API_KEY="$withval"], [WEATHER_API_KEY="$withval"],
[WEATHER_API_KEY=""]) [WEATHER_API_KEY=""])
AC_DEFINE_UNQUOTED([WEATHER_API_KEY], ["$WEATHER_API_KEY"], [OpenWeather API key, required for additional weather informations]) # Fallback to deprecated developer OpenWeather API key option string, if obsolete option is specified.
warning_msg=""
AC_ARG_WITH([weather-dev-key],
AS_HELP_STRING([--with-weather-dev-key=KEY], [DEPRECATED: Legacy API key for accessing weather information]),
[if test -z "$WEATHER_API_KEY"; then
WEATHER_API_KEY="$withval"
warning_msg="Using deprecated option --with-weather-dev-key. Please switch to --with-weather-api-key."
fi])
AC_ARG_WITH(weather-api-version, # Output the result of the OpenWeather API key check
AS_HELP_STRING([--with-weather-api-version=VERSION], [OpenWeather API version]), if test -z "$WEATHER_API_KEY"; then
result_msg="no"
else
# Display shortened and masked OpenWeather API key
discrete_key=`echo $WEATHER_API_KEY | cut -c1-7`
result_msg="yes [$discrete_key***]"
fi
AC_MSG_RESULT([$result_msg])
# Output the warning separately if present
if test -n "$warning_msg"; then
AC_MSG_WARN([$warning_msg])
fi
AC_DEFINE_UNQUOTED([WEATHER_API_KEY], ["$WEATHER_API_KEY"], [API key used for weather information])
# Configuration for used OpenWeather API version
AC_MSG_CHECKING([for OpenWeather API version])
AC_ARG_WITH([weather-api-version],
AS_HELP_STRING([--with-weather-api-version=VERSION], [Specify the version of the OpenWeather API to use]),
[WEATHER_API_VERSION="$withval"], [WEATHER_API_VERSION="$withval"],
[WEATHER_API_VERSION=""]) [WEATHER_API_VERSION=""])
AC_DEFINE_UNQUOTED([WEATHER_API_VERSION], ["$WEATHER_API_VERSION"], [OpenWeather API version]) if test -z "$WEATHER_API_VERSION"; then
AC_MSG_RESULT([no])
AC_ARG_ENABLE([weather-key-manage], else
AS_HELP_STRING([--enable-weather-key-manage], [enable manage OpenWeather API key via gui @<:@default=yes@:>@]), AC_MSG_RESULT([yes $WEATHER_API_VERSION])
[enable_weather_key_manage="$enableval"],
[enable_weather_key_manage="yes"])
if test "$enable_weather_key_manage" = "yes" ; then
AC_DEFINE([ENABLE_WEATHER_KEY_MANAGE], 1, [enable manage OpenWeather API key via gui])
fi fi
# weather end AC_DEFINE_UNQUOTED([WEATHER_API_VERSION], ["$WEATHER_API_VERSION"], [OpenWeather API key version used])
# tmdb # Handle optional GUI managed OpenWeather API key
AC_ARG_WITH(tmdb-api-key, AC_ARG_ENABLE([weather-key-manage],
AS_HELP_STRING([--with-tmdb-api-key=KEY], [TMDb API key, required for additional movie informations]), AS_HELP_STRING([--enable-weather-key-manage], [Enable management of the OpenWeather API key via a GUI @<:@default=no@:>@. Warning: Enabling this feature may expose the key to users!]),
[enable_weather_key_manage="$enableval"],
[enable_weather_key_manage="no"])
if test "$enable_weather_key_manage" = "yes"; then
AC_DEFINE([ENABLE_WEATHER_KEY_MANAGE], 1, [Enable management of the OpenWeather API key via GUI])
AC_MSG_WARN([Warning: Enabling GUI management for OpenWeather API key is enabled. This may expose the key to users!])
fi
## END: OpenWeather API key
## TMDb API key
# Check and configure the TMDb API key
AC_MSG_CHECKING([for TMDb API key])
AC_ARG_WITH([tmdb-api-key],
AS_HELP_STRING([--with-tmdb-api-key=KEY], [Specify the TMDb API key for accessing movie information]),
[TMDB_API_KEY="$withval"], [TMDB_API_KEY="$withval"],
[TMDB_API_KEY=""]) [TMDB_API_KEY=""])
AC_DEFINE_UNQUOTED([TMDB_API_KEY], ["$TMDB_API_KEY"], [TMDb API key, required for additional movie informations]) # Fallback to deprecated TMDb API key option string, if obsolete option is specified.
warning_msg=""
AC_ARG_WITH([tmdb-dev-key],
AS_HELP_STRING([--with-tmdb-dev-key=KEY], [DEPRECATED: Legacy API dev key, it's obsolete, use --with-tmdb-api-key=KEY]),
[if test -z "$TMDB_API_KEY"; then
TMDB_API_KEY="$withval"
warning_msg="Using deprecated option --with-tmdb-dev-key. Please switch to --with-tmdb-api-key."
fi])
AC_ARG_ENABLE([tmdb-key-manage], # Output the result of the TMDb API key check
AS_HELP_STRING([--enable-tmdb-key-manage], [enable manage TMDb API key via gui @<:@default=yes@:>@]), if test -z "$TMDB_API_KEY"; then
[enable_tmdb_key_manage="$enableval"], result_msg="no"
[enable_tmdb_key_manage="yes"]) else
# Display shortened and masked TMDb API key
if test "$enable_tmdb_key_manage" = "yes" ; then discrete_key=`echo $TMDB_API_KEY | cut -c1-7`
AC_DEFINE([ENABLE_TMDB_KEY_MANAGE], 1, [enable manage TMDb API key via gui]) result_msg="yes [$discrete_key***]"
fi fi
# tmdb end AC_MSG_RESULT([$result_msg])
# omdb # Output the warning separately if present
AC_ARG_WITH(omdb-api-key, if test -n "$warning_msg"; then
AS_HELP_STRING([--with-omdb-api-key=KEY], [OMDb API key, required for additional IMDb movie informations]), AC_MSG_WARN([$warning_msg])
fi
AC_DEFINE_UNQUOTED([TMDB_API_KEY], ["$TMDB_API_KEY"], [API key used for TMDB services])
# Handle optional GUI managed TMDB API key
AC_ARG_ENABLE([tmdb-key-manage],
AS_HELP_STRING([--enable-tmdb-key-manage], [Enable management of the TMDb API key via a GUI @<:@default=no@:>@. Warning: Enabling this feature may expose the key to users!]),
[enable_tmdb_key_manage="$enableval"],
[enable_tmdb_key_manage="no"])
if test "$enable_tmdb_key_manage" = "yes"; then
AC_DEFINE([ENABLE_TMDB_KEY_MANAGE], 1, [Enable management of the TMDb API key via GUI])
AC_MSG_WARN([Warning: Enabling GUI management for the TMDb API key is enabled. This may expose the key to users!])
fi
## END: TMDb API key
## OMDb API key
# Check and configure the OMDb API key
AC_MSG_CHECKING([for OMDb API key])
AC_ARG_WITH([omdb-api-key],
AS_HELP_STRING([--with-omdb-api-key=KEY], [Specify the OMDb API key for accessing IMDb movie information]),
[OMDB_API_KEY="$withval"], [OMDB_API_KEY="$withval"],
[OMDB_API_KEY=""]) [OMDB_API_KEY=""])
AC_DEFINE_UNQUOTED([OMDB_API_KEY], ["$OMDB_API_KEY"], [OMDb API key, required for additional IMDb movie informations])
AC_ARG_ENABLE([omdb-key-manage], # Output the result of the OMDb API key check
AS_HELP_STRING([--enable-omdb-key-manage], [enable manage OMDb API key via gui @<:@default=yes@:>@]), if test -z "$OMDB_API_KEY"; then
[enable_omdb_key_manage="$enableval"], result_msg="no"
[enable_omdb_key_manage="yes"]) else
# Display shortened and masked OMDb API key
if test "$enable_omdb_key_manage" = "yes" ; then discrete_key=`echo $OMDB_API_KEY | cut -c1-7`
AC_DEFINE([ENABLE_OMDB_KEY_MANAGE], 1, [enable manage OMDb API key via gui]) result_msg="yes [$discrete_key***]"
fi fi
# omdb end AC_MSG_RESULT([$result_msg])
# shoutcast AC_DEFINE_UNQUOTED([OMDB_API_KEY], ["$OMDB_API_KEY"], [API key used for OMDb services])
AC_ARG_WITH(shoutcast-dev-id,
AS_HELP_STRING([--with-shoutcast-dev-id=ID], [ShoutCast Developer ID to get stream data lists]), # Handle optional GUI managed OMDb API key
AC_ARG_ENABLE([omdb-key-manage],
AS_HELP_STRING([--enable-omdb-key-manage], [Enable management of the OMDb API key via a GUI @<:@default=no@:>@. Warning: Enabling this feature may expose the key to users!]),
[enable_omdb_key_manage="$enableval"],
[enable_omdb_key_manage="no"])
if test "$enable_omdb_key_manage" = "yes"; then
AC_DEFINE([ENABLE_OMDB_KEY_MANAGE], 1, [Enable management of the OMDb API key via GUI])
AC_MSG_WARN([Warning: Enabling GUI management for the OMDb API key is enabled. This may expose the key to users!])
fi
## END: OMDb API key
## Shoutcast API key
# Check and configure the Shoutcast API key
AC_MSG_CHECKING([for Shoutcast API key])
AC_ARG_WITH([shoutcast-api-key],
AS_HELP_STRING([--with-shoutcast-api-key=KEY], [Specify the Shoutcast API key for accessing streaming service information]),
[SHOUTCAST_DEV_ID="$withval"], [SHOUTCAST_DEV_ID="$withval"],
[SHOUTCAST_DEV_ID=""]) [SHOUTCAST_DEV_ID=""])
AC_DEFINE_UNQUOTED([SHOUTCAST_DEV_ID], ["$SHOUTCAST_DEV_ID"], [ShoutCast Developer ID to get stream data lists])
# Fallback for deprecated Shoutcast API key option string, if obsolete option is specified.
warning_msg=""
AC_ARG_WITH([shoutcast-dev-key],
AS_HELP_STRING([--with-shoutcast-dev-key=KEY], [DEPRECATED: Legacy API dev key, it's obsolete, use --with-shoutcast-api-key instead]),
[if test -z "$SHOUTCAST_DEV_ID"; then
SHOUTCAST_DEV_ID="$withval"
warning_msg="Using deprecated option --with-shoutcast-dev-key. Please switch to --with-shoutcast-api-key."
fi])
# Output the result of the Shoutcast API key check
if test -z "$SHOUTCAST_DEV_ID"; then
result_msg="no"
else
# Display shortened and masked Shoutcast API key
discrete_key=`echo $SHOUTCAST_DEV_ID | cut -c1-7`
result_msg="yes [$discrete_key***]"
fi
AC_MSG_RESULT([$result_msg])
# Output the warning separately if present
if test -n "$warning_msg"; then
AC_MSG_WARN([$warning_msg])
fi
AC_DEFINE_UNQUOTED([SHOUTCAST_DEV_ID], ["$SHOUTCAST_DEV_ID"], [API key used for Shoutcast services])
# Handle optional GUI managed Shoutcast API key
AC_ARG_ENABLE([shoutcast-id-manage], AC_ARG_ENABLE([shoutcast-id-manage],
AS_HELP_STRING([--enable-shoutcast-id-manage], [enable manage of ShoutCast Developer ID via gui @<:@default=yes@:>@]), AS_HELP_STRING([--enable-shoutcast-id-manage], [Enable management of the Shoutcast ID via a GUI @<:@default=no@:>@. Warning: Enabling this feature may expose the ID to users!]),
[enable_shoutcast_id_manage="$enableval"], [enable_shoutcast_id_manage="$enableval"],
[enable_shoutcast_id_manage="yes"]) [enable_shoutcast_id_manage="no"])
# Fallback for deprecated Shoutcast API key GUI management option, if present
AC_ARG_ENABLE([shoutcast-key-manage],
AS_HELP_STRING([--enable-shoutcast-key-manage], [DEPRECATED: Use --enable-shoutcast-id-manage instead]),
[AC_MSG_WARN([Using deprecated option --enable-shoutcast-key-manage. Please switch to --enable-shoutcast-id-manage.])
enable_shoutcast_id_manage="$enableval"],
[])
if test "$enable_shoutcast_id_manage" = "yes"; then if test "$enable_shoutcast_id_manage" = "yes"; then
AC_DEFINE([ENABLE_SHOUTCAST_ID_MANAGE], 1, [enable manage of ShoutCast Developer ID via gui]) AC_DEFINE([ENABLE_SHOUTCAST_ID_MANAGE], 1, [Enable management of the Shoutcast ID via GUI])
AC_MSG_WARN([Warning: Enabling GUI management for the Shoutcast ID is enabled. This may expose the ID to users!])
fi fi
# shoutcast end # END: Shoutcast API key
# youtube ## YouTube API key
AC_ARG_WITH(youtube-api-key, # Check and configure the YouTube API key
AS_HELP_STRING([--with-youtube-api-key=KEY], [YouTube API key for streaming]), AC_MSG_CHECKING([for YouTube API key])
AC_ARG_WITH([youtube-api-key],
AS_HELP_STRING([--with-youtube-api-key=KEY], [Specify the YouTube API key for accessing streaming services]),
[YOUTUBE_API_KEY="$withval"], [YOUTUBE_API_KEY="$withval"],
[YOUTUBE_API_KEY=""]) [YOUTUBE_API_KEY=""])
AC_DEFINE_UNQUOTED([YOUTUBE_API_KEY], ["$YOUTUBE_API_KEY"], [YouTube API key for streaming]) # Fallback for deprecated developer key if no new key is specified
warning_msg=""
AC_ARG_WITH([youtube-dev-key],
AS_HELP_STRING([--with-youtube-dev-key=KEY], [DEPRECATED: Legacy API dev key, use --with-youtube-api-key instead]),
[if test -z "$YOUTUBE_API_KEY"; then
YOUTUBE_API_KEY="$withval"
warning_msg="Using deprecated option --with-youtube-dev-key. Please switch to --with-youtube-api-key."
fi])
AC_ARG_ENABLE([youtube-key-manage], # Output the result of the YouTube API key check
AS_HELP_STRING([--enable-youtube-key-manage], [enable manage YouTube API key via gui @<:@default=yes@:>@]), if test -z "$YOUTUBE_API_KEY"; then
[enable_youtube_key_manage="$enableval"], result_msg="no"
[enable_youtube_key_manage="yes"]) else
# Display shortened and masked YouTube API key
if test "$enable_youtube_key_manage" = "yes" ; then discrete_key=`echo $YOUTUBE_API_KEY | cut -c1-7`
AC_DEFINE([ENABLE_YOUTUBE_KEY_MANAGE], 1, [enable manage YouTube API key via gui]) result_msg="yes [$discrete_key***]"
fi fi
# youtube end AC_MSG_RESULT([$result_msg])
# Output the warning separately if present
if test -n "$warning_msg"; then
AC_MSG_WARN([$warning_msg])
fi
AC_DEFINE_UNQUOTED([YOUTUBE_API_KEY], ["$YOUTUBE_API_KEY"], [API key used for YouTube streaming])
# Handle optional GUI managed YouTube API key
AC_ARG_ENABLE([youtube-key-manage],
AS_HELP_STRING([--enable-youtube-key-manage], [Enable management of the YouTube API key via a GUI @<:@default=no@:>@. Warning: Enabling this feature may expose the key to users!]),
[enable_youtube_key_manage="$enableval"],
[enable_youtube_key_manage="no"])
if test "$enable_youtube_key_manage" = "yes"; then
AC_DEFINE([ENABLE_YOUTUBE_KEY_MANAGE], 1, [Enable management of the YouTube API key via GUI])
AC_MSG_WARN([Warning: Enabling GUI management for the YouTube API key is enabled. This may expose the key to users!])
fi
## END: YouTube API key
AC_ARG_ENABLE(keyboard-no-rc, AC_ARG_ENABLE(keyboard-no-rc,
AS_HELP_STRING([--enable-keyboard-no-rc], [enable keyboard control, disable rc control @<:@default=no@:>@]), AS_HELP_STRING([--enable-keyboard-no-rc], [enable keyboard control, disable rc control @<:@default=no@:>@]),