domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Port "Use general token signing secret"

Browse source 
Port of https://github.com/go-gitea/gitea/pull/29205

Use a clearly defined "signing secret" for token signing.

(cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92)
This commit is contained in:
wxiaoguang 2024-02-19 01:39:04 +08:00 committed by Gusted
parent cfd6420a0e
commit 62d3e5255f
No known key found for this signature in database
GPG key ID: FD821B732837125F
13 changed files with 131 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/generate/generate.go
View file

@ -7,6 +7,7 @@ package generate
import (
"crypto/rand"
"encoding/base64"
"fmt"
"io"
"time"
@ -38,6 +39,20 @@ func NewInternalToken() (string, error) {
return internalToken, nil
}
const defaultJwtSecretLen = 32
// DecodeJwtSecret decodes a base64 encoded jwt secret into bytes, and check its length
func DecodeJwtSecret(src string) ([]byte, error) {
encoding := base64.RawURLEncoding
decoded := make([]byte, encoding.DecodedLen(len(src))+3)
if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
return nil, err
} else if n != defaultJwtSecretLen {
return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
}
return decoded[:defaultJwtSecretLen], nil
}
// NewJwtSecret generates a new base64 encoded value intended to be used for JWT secrets.
func NewJwtSecret() ([]byte, string, error) {
bytes := make([]byte, 32)