From 96c268c0fcc22604103f67821d66fef39944e80b Mon Sep 17 00:00:00 2001
From: Codruț Constantin Gușoi
Date: Sun, 18 Feb 2018 18:14:37 +0000
Subject: Implements generator cli for secrets (#3531)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Codruț Constantin Gușoi
---
modules/generate/generate.go | 89 +++++++++++++++++++++++++++++++++++++++
modules/generate/generate_test.go | 20 +++++++++
2 files changed, 109 insertions(+)
create mode 100644 modules/generate/generate.go
create mode 100644 modules/generate/generate_test.go
(limited to 'modules/generate')
diff --git a/modules/generate/generate.go b/modules/generate/generate.go
new file mode 100644
index 0000000000..d0e7593013
--- /dev/null
+++ b/modules/generate/generate.go
@@ -0,0 +1,89 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package generate
+
+import (
+ "crypto/rand"
+ "encoding/base64"
+ "io"
+ "math/big"
+ "time"
+
+ "github.com/dgrijalva/jwt-go"
+)
+
+// GetRandomString generate random string by specify chars.
+func GetRandomString(n int) (string, error) {
+ const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+
+ buffer := make([]byte, n)
+ max := big.NewInt(int64(len(alphanum)))
+
+ for i := 0; i < n; i++ {
+ index, err := randomInt(max)
+ if err != nil {
+ return "", err
+ }
+
+ buffer[i] = alphanum[index]
+ }
+
+ return string(buffer), nil
+}
+
+// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
+func NewInternalToken() (string, error) {
+ secretBytes := make([]byte, 32)
+ _, err := io.ReadFull(rand.Reader, secretBytes)
+ if err != nil {
+ return "", err
+ }
+
+ secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
+
+ now := time.Now()
+
+ var internalToken string
+ internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+ "nbf": now.Unix(),
+ }).SignedString([]byte(secretKey))
+ if err != nil {
+ return "", err
+ }
+
+ return internalToken, nil
+}
+
+// NewLfsJwtSecret generate a new value intended to be used by LFS_JWT_SECRET.
+func NewLfsJwtSecret() (string, error) {
+ JWTSecretBytes := make([]byte, 32)
+ _, err := io.ReadFull(rand.Reader, JWTSecretBytes)
+ if err != nil {
+ return "", err
+ }
+
+ JWTSecretBase64 := base64.RawURLEncoding.EncodeToString(JWTSecretBytes)
+ return JWTSecretBase64, nil
+}
+
+// NewSecretKey generate a new value intended to be used by SECRET_KEY.
+func NewSecretKey() (string, error) {
+ secretKey, err := GetRandomString(64)
+ if err != nil {
+ return "", err
+ }
+
+ return secretKey, nil
+}
+
+func randomInt(max *big.Int) (int, error) {
+ rand, err := rand.Int(rand.Reader, max)
+ if err != nil {
+ return 0, err
+ }
+
+ return int(rand.Int64()), nil
+}
diff --git a/modules/generate/generate_test.go b/modules/generate/generate_test.go
new file mode 100644
index 0000000000..538471af49
--- /dev/null
+++ b/modules/generate/generate_test.go
@@ -0,0 +1,20 @@
+package generate
+
+import (
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestMain(m *testing.M) {
+ retVal := m.Run()
+
+ os.Exit(retVal)
+}
+
+func TestGetRandomString(t *testing.T) {
+ randomString, err := GetRandomString(4)
+ assert.NoError(t, err)
+ assert.Len(t, randomString, 4)
+}
-- cgit v1.2.3
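Review bot: `NewInternalToken` signs the JWT with a 32-byte key that is generated, used once and then dropped, so the returned token can never be verified and works only as an opaque shared secret that also carries its creation time in the readable `nbf` claim. If that is intended, the doc comment should say so, for example `// The signing key is discarded; the result is an opaque shared secret, not a verifiable JWT.`, and the code that checks INTERNAL_TOKEN (not in this hunk) should be confirmed to compare it in constant time. In `randomInt` the local `rand` shadows the `crypto/rand` package for the rest of the function; `v, err := rand.Int(rand.Reader, max)` with `return int(v.Int64()), nil` avoids that. `GetRandomString` panics in `make([]byte, n)` when `n` is negative, and its comment mentions caller-specified characters although the alphabet is fixed.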
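Review bot: `TestGetRandomString` asserts only the length, so a change that broke the alphabet, or any of `NewInternalToken`, `NewLfsJwtSecret` and `NewSecretKey`, would still pass. Adding `assert.Regexp(t, "^[0-9A-Za-z]{4}$", randomString)` pins the character set, and a test that decodes `NewLfsJwtSecret()` with `base64.RawURLEncoding` and expects 32 bytes would cover the secret size. `TestMain` only forwards `m.Run()` to `os.Exit` and can be dropped unless setup is planned.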