1
// Copyright 2016 The Gogs Authors. All rights reserved.
2
// Copyright 2016 The Gitea Authors. All rights reserved.
3
// SPDX-License-Identifier: MIT
14
"code.gitea.io/gitea/modules/util"
16
"github.com/golang-jwt/jwt/v5"
19
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
20
func NewInternalToken() (string, error) {
21
secretBytes := make([]byte, 32)
22
_, err := io.ReadFull(rand.Reader, secretBytes)
27
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
31
var internalToken string
32
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
34
}).SignedString([]byte(secretKey))
39
return internalToken, nil
42
const defaultJwtSecretLen = 32
44
// DecodeJwtSecretBase64 decodes a base64 encoded jwt secret into bytes, and check its length
45
func DecodeJwtSecretBase64(src string) ([]byte, error) {
46
encoding := base64.RawURLEncoding
47
decoded := make([]byte, encoding.DecodedLen(len(src))+3)
48
if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
50
} else if n != defaultJwtSecretLen {
51
return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
53
return decoded[:defaultJwtSecretLen], nil
56
// NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
57
func NewJwtSecretWithBase64() ([]byte, string, error) {
58
bytes := make([]byte, defaultJwtSecretLen)
59
_, err := io.ReadFull(rand.Reader, bytes)
63
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
66
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
67
func NewSecretKey() (string, error) {
68
secretKey, err := util.CryptoRandomString(64)