464ae81a36
- Remove non base64-ed version of JWT secret generation. Because all occurences need the Base64 version. (cherry picked from commit 6a6b5a31a8e38cb953fcca1c8847ea219234f10c) (cherry picked from commit 066b8ca6b40a7342352983de35f1ca6683927426)
60 lines
1.3 KiB
Go
60 lines
1.3 KiB
Go
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package generate
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"io"
|
|
"time"
|
|
|
|
"code.gitea.io/gitea/modules/util"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
|
|
func NewInternalToken() (string, error) {
|
|
secretBytes := make([]byte, 32)
|
|
_, err := io.ReadFull(rand.Reader, secretBytes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
|
|
|
|
now := time.Now()
|
|
|
|
var internalToken string
|
|
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
"nbf": now.Unix(),
|
|
}).SignedString([]byte(secretKey))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return internalToken, nil
|
|
}
|
|
|
|
// NewJwtSecret generates a new base64 encoded value intended to be used for JWT secrets.
|
|
func NewJwtSecret() ([]byte, string, error) {
|
|
bytes := make([]byte, 32)
|
|
_, err := rand.Read(bytes)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
|
|
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
|
|
}
|
|
|
|
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
|
|
func NewSecretKey() (string, error) {
|
|
secretKey, err := util.CryptoRandomString(64)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return secretKey, nil
|
|
}
|