author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-04-25 23:06:39 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-25 23:06:39 +0800 |
commit | 5cf7da63ee74939595b8800787dcdb4c7290fa4f (patch) | |
tree | 39f6c9c6e2a0e78e63949b9299f52a8954abe0bc /services/auth | |
parent | 56d4893b2a996da6388801c9c8ff16b9b588ad55 (diff) | |
Refactor config provider (#24245)
This PR introduces more abstraction around `ConfigProvider` and hides more `ini` references.
---------
Co-authored-by: delvh <dev.lh@web.de>
Diffstat (limited to 'services/auth')
-rw-r--r-- | services/auth/source/oauth2/jwtsigningkey.go | 28 |
1 files changed, 9 insertions, 19 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 94feddbf6b..ed60952ac7 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -18,14 +18,12 @@ import (
 "path/filepath"
 "strings"
- "code.gitea.io/gitea/modules/generate"
 "code.gitea.io/gitea/modules/log"
 "code.gitea.io/gitea/modules/setting"
 "code.gitea.io/gitea/modules/util"
 "github.com/golang-jwt/jwt/v4"
 "github.com/minio/sha256-simd"
- ini "gopkg.in/ini.v1"
 )
 // ErrInvalidAlgorithmType represents an invalid algorithm error.
@@ -316,8 +314,7 @@ func InitSigningKey() error {
 case "HS384":
 fallthrough
 case "HS512":
- key, err = loadOrCreateSymmetricKey()
-
+ key, err = loadSymmetricKey()
 case "RS256":
 fallthrough
 case "RS384":
@@ -332,7 +329,6 @@ func InitSigningKey() error {
 fallthrough
 case "EdDSA":
 key, err = loadOrCreateAsymmetricKey()
-
 default:
 return ErrInvalidAlgorithmType{setting.OAuth2.JWTSigningAlgorithm}
 }
@@ -351,22 +347,16 @@ func InitSigningKey() error {
 return nil
 }
-// loadOrCreateSymmetricKey checks if the configured secret is valid.
-// If it is not valid a new secret is created and saved in the configuration file.
-func loadOrCreateSymmetricKey() (interface{}, error) {
+// loadSymmetricKey checks if the configured secret is valid.
+// If it is not valid, it will return an error.
+func loadSymmetricKey() (interface{}, error) {
 key := make([]byte, 32)
 n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
- if err != nil || n != 32 {
- key, err = generate.NewJwtSecret()
- if err != nil {
- log.Fatal("error generating JWT secret: %v", err)
- return nil, err
- }
-
- setting.CreateOrAppendToCustomConf("oauth2.JWT_SECRET", func(cfg *ini.File) {
- secretBase64 := base64.RawURLEncoding.EncodeToString(key)
- cfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
- })
+ if err != nil {
+ return nil, err
+ }
+ if n != 32 {
+ return nil, fmt.Errorf("JWT secret must be 32 bytes long")
 }
 return key, nil |
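Review bot: In `loadSymmetricKey` the secret is decoded into a fixed 32-byte buffer, so a configured value that decodes to more than 32 bytes will, as far as I can tell, panic inside `Decode` on an out-of-range write and never reach the new `n != 32` check. Decoding with `key, err := base64.RawURLEncoding.DecodeString(setting.OAuth2.JWTSecretBase64)` and testing `if len(key) != 32 {` sends over-long input down the same error path as short or empty input. Since the function no longer regenerates the secret, both errors now surface to an operator at startup, so they should name the setting without echoing its value, e.g. `return nil, fmt.Errorf("decoding oauth2.JWT_SECRET: %w", err)`. Whether a fresh secret is still generated somewhere else is not visible in this diff, which is limited to `services/auth`; the function's closing brace also falls just outside the hunk.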