gitech

generate.go
74 строки · 2.0 Кб
Перенос по словам
1
// Copyright 2016 The Gogs Authors. All rights reserved.
2
// Copyright 2016 The Gitea Authors. All rights reserved.
3
// SPDX-License-Identifier: MIT
4

5
package generate
6

7
import (
8
	"crypto/rand"
9
	"encoding/base64"
10
	"fmt"
11
	"io"
12
	"time"
13

14
	"code.gitea.io/gitea/modules/util"
15

16
	"github.com/golang-jwt/jwt/v5"
17
)
18

19
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
20
func NewInternalToken() (string, error) {
21
	secretBytes := make([]byte, 32)
22
	_, err := io.ReadFull(rand.Reader, secretBytes)
23
	if err != nil {
24
		return "", err
25
	}
26

27
	secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
28

29
	now := time.Now()
30

31
	var internalToken string
32
	internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
33
		"nbf": now.Unix(),
34
	}).SignedString([]byte(secretKey))
35
	if err != nil {
36
		return "", err
37
	}
38

39
	return internalToken, nil
40
}
41

42
const defaultJwtSecretLen = 32
43

44
// DecodeJwtSecretBase64 decodes a base64 encoded jwt secret into bytes, and check its length
45
func DecodeJwtSecretBase64(src string) ([]byte, error) {
46
	encoding := base64.RawURLEncoding
47
	decoded := make([]byte, encoding.DecodedLen(len(src))+3)
48
	if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
49
		return nil, err
50
	} else if n != defaultJwtSecretLen {
51
		return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
52
	}
53
	return decoded[:defaultJwtSecretLen], nil
54
}
55

56
// NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
57
func NewJwtSecretWithBase64() ([]byte, string, error) {
58
	bytes := make([]byte, defaultJwtSecretLen)
59
	_, err := io.ReadFull(rand.Reader, bytes)
60
	if err != nil {
61
		return nil, "", err
62
	}
63
	return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
64
}
65

66
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
67
func NewSecretKey() (string, error) {
68
	secretKey, err := util.CryptoRandomString(64)
69
	if err != nil {
70
		return "", err
71
	}
72

73
	return secretKey, nil
74
}
75
gitech

Использование cookies
