Implements generator cli for secrets (#3531)
Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>release/v1.5
Codruț Constantin Gușoi
6 years ago
committed by
Lauris BH
parent
e59fe7c8d9
commit
96c268c0fc
@ -0,0 +1,83 @@
|
||||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
||||
// Copyright 2016 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/modules/generate"
|
||||
|
||||
"github.com/urfave/cli"
|
||||
)
|
||||
|
||||
var (
|
||||
// CmdGenerate represents the available generate sub-command.
|
||||
CmdGenerate = cli.Command{
|
||||
Name: "generate",
|
||||
Usage: "Command line interface for running generators",
|
||||
Subcommands: []cli.Command{
|
||||
subcmdSecret,
|
||||
},
|
||||
}
|
||||
|
||||
subcmdSecret = cli.Command{
|
||||
Name: "secret",
|
||||
Usage: "Generate a secret token",
|
||||
Subcommands: []cli.Command{
|
||||
microcmdGenerateInternalToken,
|
||||
microcmdGenerateLfsJwtSecret,
|
||||
microcmdGenerateSecretKey,
|
||||
},
|
||||
}
|
||||
|
||||
microcmdGenerateInternalToken = cli.Command{
|
||||
Name: "INTERNAL_TOKEN",
|
||||
Usage: "Generate a new INTERNAL_TOKEN",
|
||||
Action: runGenerateInternalToken,
|
||||
}
|
||||
|
||||
microcmdGenerateLfsJwtSecret = cli.Command{
|
||||
Name: "LFS_JWT_SECRET",
|
||||
Usage: "Generate a new LFS_JWT_SECRET",
|
||||
Action: runGenerateLfsJwtSecret,
|
||||
}
|
||||
|
||||
microcmdGenerateSecretKey = cli.Command{
|
||||
Name: "SECRET_KEY",
|
||||
Usage: "Generate a new SECRET_KEY",
|
||||
Action: runGenerateSecretKey,
|
||||
}
|
||||
)
|
||||
|
||||
func runGenerateInternalToken(c *cli.Context) error {
|
||||
internalToken, err := generate.NewInternalToken()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Printf("%s\n", internalToken)
|
||||
return nil
|
||||
}
|
||||
|
||||
func runGenerateLfsJwtSecret(c *cli.Context) error {
|
||||
JWTSecretBase64, err := generate.NewLfsJwtSecret()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Printf("%s\n", JWTSecretBase64)
|
||||
return nil
|
||||
}
|
||||
|
||||
func runGenerateSecretKey(c *cli.Context) error {
|
||||
secretKey, err := generate.NewSecretKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Printf("%s\n", secretKey)
|
||||
return nil
|
||||
}
|
||||
@ -0,0 +1,89 @@
|
||||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
||||
// Copyright 2016 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package generate
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"io"
|
||||
"math/big"
|
||||
"time"
|
||||
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
)
|
||||
|
||||
// GetRandomString generate random string by specify chars.
|
||||
func GetRandomString(n int) (string, error) {
|
||||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||
|
||||
buffer := make([]byte, n)
|
||||
max := big.NewInt(int64(len(alphanum)))
|
||||
|
||||
for i := 0; i < n; i++ {
|
||||
index, err := randomInt(max)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
buffer[i] = alphanum[index]
|
||||
}
|
||||
|
||||
return string(buffer), nil
|
||||
}
|
||||
|
||||
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
|
||||
func NewInternalToken() (string, error) {
|
||||
secretBytes := make([]byte, 32)
|
||||
_, err := io.ReadFull(rand.Reader, secretBytes)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
|
||||
|
||||
now := time.Now()
|
||||
|
||||
var internalToken string
|
||||
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"nbf": now.Unix(),
|
||||
}).SignedString([]byte(secretKey))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return internalToken, nil
|
||||
}
|
||||
|
||||
// NewLfsJwtSecret generate a new value intended to be used by LFS_JWT_SECRET.
|
||||
func NewLfsJwtSecret() (string, error) {
|
||||
JWTSecretBytes := make([]byte, 32)
|
||||
_, err := io.ReadFull(rand.Reader, JWTSecretBytes)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
JWTSecretBase64 := base64.RawURLEncoding.EncodeToString(JWTSecretBytes)
|
||||
return JWTSecretBase64, nil
|
||||
}
|
||||
|
||||
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
|
||||
func NewSecretKey() (string, error) {
|
||||
secretKey, err := GetRandomString(64)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return secretKey, nil
|
||||
}
|
||||
|
||||
func randomInt(max *big.Int) (int, error) {
|
||||
rand, err := rand.Int(rand.Reader, max)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
return int(rand.Int64()), nil
|
||||
}
|
||||
@ -0,0 +1,20 @@
|
||||
package generate
|
||||
|
||||
import (
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
retVal := m.Run()
|
||||
|
||||
os.Exit(retVal)
|
||||
}
|
||||
|
||||
func TestGetRandomString(t *testing.T) {
|
||||
randomString, err := GetRandomString(4)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, randomString, 4)
|
||||
}
|
||||
Loading…
Reference in new issue