
Port "Use general token signing secret"

Port of https://github.com/go-gitea/gitea/pull/29205

Use a clearly defined "signing secret" for token signing.

(cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92)
wxiaoguang 2024-02-19 01:39:04 +08:00 committed by Gusted
parent cfd6420a0e
commit 62d3e5255f
No known key found for this signature in database
GPG key ID: FD821B732837125F
13 changed files with 131 additions and 61 deletions


@ -300,7 +300,7 @@ func InitSigningKey() error {
case "HS384":
fallthrough
case "HS512":
key, err = loadSymmetricKey()
key = setting.GetGeneralTokenSigningSecret()
case "RS256":
fallthrough
case "RS384":
@ -333,12 +333,6 @@ func InitSigningKey() error {
return nil
}
// loadSymmetricKey checks if the configured secret is valid.
// If it is not valid, it will return an error.
func loadSymmetricKey() (any, error) {
return util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
}
// loadOrCreateAsymmetricKey checks if the configured private key exists.
// If it does not exist a new random key gets generated and saved on the configured path.
func loadOrCreateAsymmetricKey() (any, error) {
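Review bot: In the HS256/HS384/HS512 arm of InitSigningKey, `key = setting.GetGeneralTokenSigningSecret()` no longer assigns `err`, so the 32-byte decode check that the removed loadSymmetricKey ran on the configured secret is no longer visible in this function. Whether a malformed or short secret is still rejected now depends on the setting getter, which is outside this section; if it substitutes a generated value instead of failing, a misconfigured instance would start with a signing key that does not match its configuration, and that should at least be logged loudly. A comment on the new line would help the next reader, for example `// HMAC algorithms sign with the general token signing secret from the setting package`. If the secret is still 32 bytes, it is also worth confirming that this is acceptable for HS384 and HS512, since RFC 7518 asks for an HMAC key at least as long as the hash output. InitSigningKey begins and ends outside the visible hunks.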