author | Giteabot <teabot@gitea.io> | 2024-05-14 23:00:38 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-14 15:00:38 +0000 |
commit | 5b7e54f72f7b85b3394d7af20b27152d26e26256 (patch) | |
tree | 6871167a1199181becf129eb3184c9cd66aadd97 /routers | |
parent | 042777abd756aee04ad6c232153377fb839ea0de (diff) | |
Always load or generate oauth2 jwt secret (#30942) (#30978)
Backport #30942 by @wxiaoguang
Fix #30923
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/install/install.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/routers/install/install.go b/routers/install/install.go
index 9c6a8849b6..fde8b37ed5 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -481,6 +481,17 @@ func SubmitInstall(ctx *context.Context) {
 cfg.Section("security").Key("INTERNAL_TOKEN").SetValue(internalToken)
 }
 
+ // FIXME: at the moment, no matter oauth2 is enabled or not, it must generate a "oauth2 JWT_SECRET"
+ // see the "loadOAuth2From" in "setting/oauth2.go"
+ if !cfg.Section("oauth2").HasKey("JWT_SECRET") && !cfg.Section("oauth2").HasKey("JWT_SECRET_URI") {
+ _, jwtSecretBase64, err := generate.NewJwtSecretWithBase64()
+ if err != nil {
+ ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
+ return
+ }
+ cfg.Section("oauth2").Key("JWT_SECRET").SetValue(jwtSecretBase64)
+ }
+
 // if there is already a SECRET_KEY, we should not overwrite it, otherwise the encrypted data will not be able to be decrypted
 if setting.SecretKey == "" {
 var secretKey string |
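Review bot: The new guard in SubmitInstall tests only key presence with `HasKey`, so an app.ini that already contains an empty `JWT_SECRET =` or `JWT_SECRET_URI =` entry skips generation here, unlike the neighbouring `setting.SecretKey == ""` check, which looks at the value. Whether `loadOAuth2From` later copes with an empty value is not visible in this hunk, so I would treat present-but-empty as missing, for example `hasJWT := cfg.Section("oauth2").HasKey("JWT_SECRET") && cfg.Section("oauth2").Key("JWT_SECRET").String() != ""` (and the same for `JWT_SECRET_URI`), then `if !hasJWT && !hasJWTURI {`. The failure path also reuses the `install.secret_key_failed` message, which will point an operator at SECRET_KEY rather than the OAuth2 JWT secret. SubmitInstall begins and ends outside the hunk.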