Merge pull request '[GITEA] Refactor generation of JWT secret' (#2227) from gusted/forgejo-refactor-jwt-secret into forgejo-dependency
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2227 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
commit
c3665b2a94
5 changed files with 8 additions and 17 deletions
|
@ -70,7 +70,7 @@ func runGenerateInternalToken(c *cli.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func runGenerateLfsJwtSecret(c *cli.Context) error {
|
func runGenerateLfsJwtSecret(c *cli.Context) error {
|
||||||
_, jwtSecretBase64, err := generate.NewJwtSecretBase64()
|
_, jwtSecretBase64, err := generate.NewJwtSecret()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,22 +38,14 @@ func NewInternalToken() (string, error) {
|
||||||
return internalToken, nil
|
return internalToken, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewJwtSecret generates a new value intended to be used for JWT secrets.
|
// NewJwtSecret generates a new base64 encoded value intended to be used for JWT secrets.
|
||||||
func NewJwtSecret() ([]byte, error) {
|
func NewJwtSecret() ([]byte, string, error) {
|
||||||
bytes := make([]byte, 32)
|
bytes := make([]byte, 32)
|
||||||
_, err := io.ReadFull(rand.Reader, bytes)
|
_, err := rand.Read(bytes)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return bytes, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
|
|
||||||
func NewJwtSecretBase64() ([]byte, string, error) {
|
|
||||||
bytes, err := NewJwtSecret()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
|
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
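Review bot: The doc comment on the merged `NewJwtSecret` still describes a single base64 value, while the function now returns the raw 32 bytes, their encoding and an error, so a caller reading only the comment cannot tell which result is the key material. I would write `// NewJwtSecret generates a 32-byte random value intended to be used as a JWT secret and returns the raw bytes together with their unpadded URL-safe base64 (RawURLEncoding) form.` The switch from `io.ReadFull(rand.Reader, bytes)` to `rand.Read(bytes)` keeps the same entropy source only if `rand` is `crypto/rand`. The removed `rand.Reader` use suggests it is, but the import block is outside this hunk, so it is worth confirming. The local name `bytes` also shadows the standard `bytes` package; `secret` would read better.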
@ -64,7 +64,7 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
|
||||||
LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
|
LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
|
||||||
LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32)
|
LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64()
|
LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecret()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
|
return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -131,12 +131,11 @@ func loadOAuth2From(rootCfg ConfigProvider) {
|
||||||
|
|
||||||
if InstallLock {
|
if InstallLock {
|
||||||
if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil {
|
if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil {
|
||||||
key, err := generate.NewJwtSecret()
|
_, OAuth2.JWTSecretBase64, err = generate.NewJwtSecret()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("error generating JWT secret: %v", err)
|
log.Fatal("error generating JWT secret: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
OAuth2.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(key)
|
|
||||||
saveCfg, err := rootCfg.PrepareSaving()
|
saveCfg, err := rootCfg.PrepareSaving()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
|
log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
|
||||||
|
|
|
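Review bot: The reason the configured `oauth2.JWT_SECRET` was rejected is lost, because `_, OAuth2.JWTSecretBase64, err = generate.NewJwtSecret()` overwrites the `err` returned by `util.Base64FixedDecode` before anything records it, and the replacement secret is then saved. Replacing the signing secret presumably invalidates whatever was issued under the old one, so an operator should be able to see that it happened. When the old value was non-empty, log the decode error first, for example `log.Warn("oauth2.JWT_SECRET is not a valid 32-byte secret, generating a new one: %v", err)`, without printing the secret value itself. `loadOAuth2From` starts and ends outside this hunk, so any logging elsewhere in the function is not visible here.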
@ -413,7 +413,7 @@ func SubmitInstall(ctx *context.Context) {
|
||||||
cfg.Section("server").Key("LFS_START_SERVER").SetValue("true")
|
cfg.Section("server").Key("LFS_START_SERVER").SetValue("true")
|
||||||
cfg.Section("lfs").Key("PATH").SetValue(form.LFSRootPath)
|
cfg.Section("lfs").Key("PATH").SetValue(form.LFSRootPath)
|
||||||
var lfsJwtSecret string
|
var lfsJwtSecret string
|
||||||
if _, lfsJwtSecret, err = generate.NewJwtSecretBase64(); err != nil {
|
if _, lfsJwtSecret, err = generate.NewJwtSecret(); err != nil {
|
||||||
ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form)
|
ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|