[GITEA] Refactor generation of JWT secret
- Remove the non-base64 version of JWT secret generation, because all occurrences need the Base64 version.
parent
2524c64853
commit
6a6b5a31a8
5 changed files with 8 additions and 17 deletions
|
@ -38,22 +38,14 @@ func NewInternalToken() (string, error) {
|
|||
return internalToken, nil
|
||||
}
|
||||
|
||||
// NewJwtSecret generates a new value intended to be used for JWT secrets.
|
||||
func NewJwtSecret() ([]byte, error) {
|
||||
// NewJwtSecret generates a new base64 encoded value intended to be used for JWT secrets.
|
||||
func NewJwtSecret() ([]byte, string, error) {
|
||||
bytes := make([]byte, 32)
|
||||
_, err := io.ReadFull(rand.Reader, bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return bytes, nil
|
||||
}
|
||||
|
||||
// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
|
||||
func NewJwtSecretBase64() ([]byte, string, error) {
|
||||
bytes, err := NewJwtSecret()
|
||||
_, err := rand.Read(bytes)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
|
||||
}
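Review bot: The doc comment on the new `NewJwtSecret` mentions only a base64 value, while the signature now returns the raw bytes first and the encoded string second, so a caller cannot tell from the comment which result is which or which encoding is used. I would write it as `// NewJwtSecret generates a random 32-byte JWT secret and returns the raw bytes along with their base64.RawURLEncoding (unpadded, URL-safe) form.` The body also switches from `io.ReadFull(rand.Reader, bytes)` to `rand.Read(bytes)`; the import block is outside the hunk, but the earlier use of `rand.Reader` suggests this is `crypto/rand`, which is what a signing secret needs.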
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
|
|||
LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
|
||||
LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32)
|
||||
if err != nil {
|
||||
LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64()
|
||||
LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecret()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
|
||||
}
|
||||
|
|
|
@ -131,12 +131,11 @@ func loadOAuth2From(rootCfg ConfigProvider) {
|
|||
|
||||
if InstallLock {
|
||||
if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil {
|
||||
key, err := generate.NewJwtSecret()
|
||||
_, OAuth2.JWTSecretBase64, err = generate.NewJwtSecret()
|
||||
if err != nil {
|
||||
log.Fatal("error generating JWT secret: %v", err)
|
||||
}
|
||||
|
||||
OAuth2.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(key)
|
||||
saveCfg, err := rootCfg.PrepareSaving()
|
||||
if err != nil {
|
||||
log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
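Review bot: In `loadOAuth2From`, a configured secret that fails `util.Base64FixedDecode` is replaced by a freshly generated one with no log line in the visible code, so an operator gets no signal that the signing secret changed; tokens signed with the previous value would presumably stop validating. A warning before the regeneration would make that visible, e.g. `log.Warn("oauth2.JWT_SECRET is missing or not a valid 32-byte base64 value, generating a new one")`. The message should describe the condition only and never include the secret or its encoding. The function continues past the end of the hunk, so a message may already exist further down. The `loadLFSFrom` hunk follows the same decode-then-regenerate shape.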
|
||||
|
|