[GITEA] Refactor generation of JWT secret

- Remove non base64-ed version of JWT secret generation. Because all
occurences need the Base64 version.

(cherry picked from commit 6a6b5a31a8)
(cherry picked from commit 066b8ca6b4)
This commit is contained in:
Gusted 2024-01-24 16:25:06 +01:00 committed by Earl Warren
parent e71b5a038e
commit 464ae81a36
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
5 changed files with 8 additions and 17 deletions

View file

@ -70,7 +70,7 @@ func runGenerateInternalToken(c *cli.Context) error {
} }
func runGenerateLfsJwtSecret(c *cli.Context) error { func runGenerateLfsJwtSecret(c *cli.Context) error {
_, jwtSecretBase64, err := generate.NewJwtSecretBase64() _, jwtSecretBase64, err := generate.NewJwtSecret()
if err != nil { if err != nil {
return err return err
} }

View file

@ -38,22 +38,14 @@ func NewInternalToken() (string, error) {
return internalToken, nil return internalToken, nil
} }
// NewJwtSecret generates a new value intended to be used for JWT secrets. // NewJwtSecret generates a new base64 encoded value intended to be used for JWT secrets.
func NewJwtSecret() ([]byte, error) { func NewJwtSecret() ([]byte, string, error) {
bytes := make([]byte, 32) bytes := make([]byte, 32)
_, err := io.ReadFull(rand.Reader, bytes) _, err := rand.Read(bytes)
if err != nil {
return nil, err
}
return bytes, nil
}
// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
func NewJwtSecretBase64() ([]byte, string, error) {
bytes, err := NewJwtSecret()
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
} }

View file

@ -64,7 +64,7 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET") LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32) LFS.JWTSecretBytes, err = util.Base64FixedDecode(base64.RawURLEncoding, []byte(LFS.JWTSecretBase64), 32)
if err != nil { if err != nil {
LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecretBase64() LFS.JWTSecretBytes, LFS.JWTSecretBase64, err = generate.NewJwtSecret()
if err != nil { if err != nil {
return fmt.Errorf("error generating JWT Secret for custom config: %v", err) return fmt.Errorf("error generating JWT Secret for custom config: %v", err)
} }

View file

@ -138,12 +138,11 @@ func loadOAuth2From(rootCfg ConfigProvider) {
if InstallLock { if InstallLock {
if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil { if _, err := util.Base64FixedDecode(base64.RawURLEncoding, []byte(OAuth2.JWTSecretBase64), 32); err != nil {
key, err := generate.NewJwtSecret() _, OAuth2.JWTSecretBase64, err = generate.NewJwtSecret()
if err != nil { if err != nil {
log.Fatal("error generating JWT secret: %v", err) log.Fatal("error generating JWT secret: %v", err)
} }
OAuth2.JWTSecretBase64 = base64.RawURLEncoding.EncodeToString(key)
saveCfg, err := rootCfg.PrepareSaving() saveCfg, err := rootCfg.PrepareSaving()
if err != nil { if err != nil {
log.Fatal("save oauth2.JWT_SECRET failed: %v", err) log.Fatal("save oauth2.JWT_SECRET failed: %v", err)

View file

@ -413,7 +413,7 @@ func SubmitInstall(ctx *context.Context) {
cfg.Section("server").Key("LFS_START_SERVER").SetValue("true") cfg.Section("server").Key("LFS_START_SERVER").SetValue("true")
cfg.Section("lfs").Key("PATH").SetValue(form.LFSRootPath) cfg.Section("lfs").Key("PATH").SetValue(form.LFSRootPath)
var lfsJwtSecret string var lfsJwtSecret string
if _, lfsJwtSecret, err = generate.NewJwtSecretBase64(); err != nil { if _, lfsJwtSecret, err = generate.NewJwtSecret(); err != nil {
ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form) ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form)
return return
} }