authorLunny Xiao <xiaolunwen@gmail.com>2023-04-25 23:06:39 +0800
committerGitHub <noreply@github.com>2023-04-25 23:06:39 +0800
commit5cf7da63ee74939595b8800787dcdb4c7290fa4f (patch)
tree39f6c9c6e2a0e78e63949b9299f52a8954abe0bc /services/auth
parent56d4893b2a996da6388801c9c8ff16b9b588ad55 (diff)
Refactor config provider (#24245)
This PR introduces more abstraction around `ConfigProvider` and hides more `ini` references. --------- Co-authored-by: delvh <dev.lh@web.de>
Diffstat (limited to 'services/auth')
-rw-r--r--services/auth/source/oauth2/jwtsigningkey.go28
1 files changed, 9 insertions, 19 deletions
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 94feddbf6b..ed60952ac7 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -18,14 +18,12 @@ import (
"path/filepath"
"strings"
- "code.gitea.io/gitea/modules/generate"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/golang-jwt/jwt/v4"
"github.com/minio/sha256-simd"
- ini "gopkg.in/ini.v1"
)
// ErrInvalidAlgorithmType represents an invalid algorithm error.
@@ -316,8 +314,7 @@ func InitSigningKey() error {
case "HS384":
fallthrough
case "HS512":
- key, err = loadOrCreateSymmetricKey()
-
+ key, err = loadSymmetricKey()
case "RS256":
fallthrough
case "RS384":
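Review bot: The `loadSymmetricKey()` call in the HS256/HS384/HS512 branch now relies on a helper (last hunk) that still decodes `setting.OAuth2.JWTSecretBase64` into a fixed `make([]byte, 32)` buffer, so the `n != 32` check only runs after `Decode` has already written into it. As far as I can tell `Encoding.Decode` does not bounds-check `dst`, so a configured secret longer than 43 characters would likely panic at startup instead of returning the new error; this predates the commit but matters more now that the value is no longer regenerated here. I would check the length before decoding, e.g. `if base64.RawURLEncoding.DecodedLen(len(setting.OAuth2.JWTSecretBase64)) != 32 { return nil, fmt.Errorf("oauth2.JWT_SECRET must decode to 32 bytes") }`, and wrap the decode error with the setting name so the operator knows which key to fix. `InitSigningKey` starts and ends outside this hunk, and the end of `loadSymmetricKey` is not visible on the page.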
@@ -332,7 +329,6 @@ func InitSigningKey() error {
fallthrough
case "EdDSA":
key, err = loadOrCreateAsymmetricKey()
-
default:
return ErrInvalidAlgorithmType{setting.OAuth2.JWTSigningAlgorithm}
}
@@ -351,22 +347,16 @@ func InitSigningKey() error {
return nil
}
-// loadOrCreateSymmetricKey checks if the configured secret is valid.
-// If it is not valid a new secret is created and saved in the configuration file.
-func loadOrCreateSymmetricKey() (interface{}, error) {
+// loadSymmetricKey checks if the configured secret is valid.
+// If it is not valid, it will return an error.
+func loadSymmetricKey() (interface{}, error) {
key := make([]byte, 32)
n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
- if err != nil || n != 32 {
- key, err = generate.NewJwtSecret()
- if err != nil {
- log.Fatal("error generating JWT secret: %v", err)
- return nil, err
- }
-
- setting.CreateOrAppendToCustomConf("oauth2.JWT_SECRET", func(cfg *ini.File) {
- secretBase64 := base64.RawURLEncoding.EncodeToString(key)
- cfg.Section("oauth2").Key("JWT_SECRET").SetValue(secretBase64)
- })
+ if err != nil {
+ return nil, err
+ }
+ if n != 32 {
+ return nil, fmt.Errorf("JWT secret must be 32 bytes long")
}
return key, nil