author | silverwind <me@silverwind.io> | 2021-05-10 08:45:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-10 07:45:17 +0100 |
commit | 1e6fa57acbe3c05cb996b789e8c2d381c953826f (patch) | |
tree | c4f1ce55b3423f97952b630462cef5b2035961ec /modules/context | |
parent | 270aab429ef025df9a0b9bf9e3982729ae8df449 (diff) | |
Use single shared random string generation function (#15741)
* Use single shared random string generation function
- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibility
Fixes: #15536
* use const string method
* Update modules/avatar/avatar.go
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Diffstat (limited to 'modules/context')
-rw-r--r-- | modules/context/secret.go | 100 |
1 files changed, 0 insertions, 100 deletions
diff --git a/modules/context/secret.go b/modules/context/secret.go
deleted file mode 100644
index fcb488d211..0000000000
--- a/modules/context/secret.go
+++ /dev/null
@@ -1,100 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package context
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "crypto/sha256"
- "encoding/base64"
- "errors"
- "io"
-)
-
-// NewSecret creates a new secret
-func NewSecret() (string, error) {
- return NewSecretWithLength(32)
-}
-
-// NewSecretWithLength creates a new secret for a given length
-func NewSecretWithLength(length int64) (string, error) {
- return randomString(length)
-}
-
-func randomBytes(len int64) ([]byte, error) {
- b := make([]byte, len)
- if _, err := rand.Read(b); err != nil {
- return nil, err
- }
- return b, nil
-}
-
-func randomString(len int64) (string, error) {
- b, err := randomBytes(len)
- return base64.URLEncoding.EncodeToString(b), err
-}
-
-// AesEncrypt encrypts text and given key with AES.
-func AesEncrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- b := base64.StdEncoding.EncodeToString(text)
- ciphertext := make([]byte, aes.BlockSize+len(b))
- iv := ciphertext[:aes.BlockSize]
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- return nil, err
- }
- cfb := cipher.NewCFBEncrypter(block, iv)
- cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
- return ciphertext, nil
-}
-
-// AesDecrypt decrypts text and given key with AES.
-func AesDecrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- if len(text) < aes.BlockSize {
- return nil, errors.New("ciphertext too short")
- }
- iv := text[:aes.BlockSize]
- text = text[aes.BlockSize:]
- cfb := cipher.NewCFBDecrypter(block, iv)
- cfb.XORKeyStream(text, text)
- data, err := base64.StdEncoding.DecodeString(string(text))
- if err != nil {
- return nil, err
- }
- return data, nil
-}
-
-// EncryptSecret encrypts a string with given key into a hex string
-func EncryptSecret(key string, str string) (string, error) {
- keyHash := sha256.Sum256([]byte(key))
- plaintext := []byte(str)
- ciphertext, err := AesEncrypt(keyHash[:], plaintext)
- if err != nil {
- return "", err
- }
- return base64.StdEncoding.EncodeToString(ciphertext), nil
-}
-
-// DecryptSecret decrypts a previously encrypted hex string
-func DecryptSecret(key string, cipherhex string) (string, error) {
- keyHash := sha256.Sum256([]byte(key))
- ciphertext, err := base64.StdEncoding.DecodeString(cipherhex)
- if err != nil {
- return "", err
- }
- plaintext, err := AesDecrypt(keyHash[:], ciphertext)
- if err != nil {
- return "", err
- }
- return string(plaintext), nil
-} |