2018-02-18 11:14:37 -07:00
|
|
|
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|
|
|
|
// Copyright 2016 The Gitea Authors. All rights reserved.
|
2022-11-27 11:20:29 -07:00
|
|
|
// SPDX-License-Identifier: MIT
|
2018-02-18 11:14:37 -07:00
|
|
|
|
|
|
|
|
package generate
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/rand"
|
|
|
|
|
"encoding/base64"
|
2024-02-16 08:18:30 -07:00
|
|
|
"fmt"
|
2018-02-18 11:14:37 -07:00
|
|
|
"io"
|
|
|
|
|
"time"
|
|
|
|
|
|
2021-05-10 00:45:17 -06:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2021-07-24 05:00:41 -06:00
|
|
|
|
2023-07-19 03:57:10 -06:00
|
|
|
"github.com/golang-jwt/jwt/v5"
|
2018-02-18 11:14:37 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
|
|
|
|
|
func NewInternalToken() (string, error) {
|
|
|
|
|
secretBytes := make([]byte, 32)
|
|
|
|
|
_, err := io.ReadFull(rand.Reader, secretBytes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
|
|
|
|
|
|
|
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
|
|
var internalToken string
|
|
|
|
|
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
|
|
|
"nbf": now.Unix(),
|
|
|
|
|
}).SignedString([]byte(secretKey))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return internalToken, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-16 08:18:30 -07:00
|
|
|
const defaultJwtSecretLen = 32
|
|
|
|
|
|
|
|
|
|
// DecodeJwtSecretBase64 decodes a base64 encoded jwt secret into bytes, and check its length
|
|
|
|
|
func DecodeJwtSecretBase64(src string) ([]byte, error) {
|
|
|
|
|
encoding := base64.RawURLEncoding
|
|
|
|
|
decoded := make([]byte, encoding.DecodedLen(len(src))+3)
|
|
|
|
|
if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
|
2021-06-17 15:56:46 -06:00
|
|
|
return nil, err
|
2024-02-16 08:18:30 -07:00
|
|
|
} else if n != defaultJwtSecretLen {
|
|
|
|
|
return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
|
2021-06-17 15:56:46 -06:00
|
|
|
}
|
2024-02-16 08:18:30 -07:00
|
|
|
return decoded[:defaultJwtSecretLen], nil
|
2021-06-17 15:56:46 -06:00
|
|
|
}
|
|
|
|
|
|
2024-02-16 08:18:30 -07:00
|
|
|
// NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
|
|
|
|
|
func NewJwtSecretWithBase64() ([]byte, string, error) {
|
|
|
|
|
bytes := make([]byte, defaultJwtSecretLen)
|
|
|
|
|
_, err := io.ReadFull(rand.Reader, bytes)
|
2018-02-18 11:14:37 -07:00
|
|
|
if err != nil {
|
2023-08-14 04:30:16 -06:00
|
|
|
return nil, "", err
|
2018-02-18 11:14:37 -07:00
|
|
|
}
|
2023-08-14 04:30:16 -06:00
|
|
|
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
|
2018-02-18 11:14:37 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
|
|
|
|
|
func NewSecretKey() (string, error) {
|
2022-01-25 21:10:10 -07:00
|
|
|
secretKey, err := util.CryptoRandomString(64)
|
2018-02-18 11:14:37 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return secretKey, nil
|
|
|
|
|
}
|
