Codruț Constantin Gușoi
6 years ago
committed by
Lauris BH
12 changed files with 215 additions and 67 deletions
@ -0,0 +1,83 @@ |
|||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|||
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|||
// Use of this source code is governed by a MIT-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
package cmd |
|||
|
|||
import ( |
|||
"fmt" |
|||
|
|||
"code.gitea.io/gitea/modules/generate" |
|||
|
|||
"github.com/urfave/cli" |
|||
) |
|||
|
|||
var ( |
|||
// CmdGenerate represents the available generate sub-command.
|
|||
CmdGenerate = cli.Command{ |
|||
Name: "generate", |
|||
Usage: "Command line interface for running generators", |
|||
Subcommands: []cli.Command{ |
|||
subcmdSecret, |
|||
}, |
|||
} |
|||
|
|||
subcmdSecret = cli.Command{ |
|||
Name: "secret", |
|||
Usage: "Generate a secret token", |
|||
Subcommands: []cli.Command{ |
|||
microcmdGenerateInternalToken, |
|||
microcmdGenerateLfsJwtSecret, |
|||
microcmdGenerateSecretKey, |
|||
}, |
|||
} |
|||
|
|||
microcmdGenerateInternalToken = cli.Command{ |
|||
Name: "INTERNAL_TOKEN", |
|||
Usage: "Generate a new INTERNAL_TOKEN", |
|||
Action: runGenerateInternalToken, |
|||
} |
|||
|
|||
microcmdGenerateLfsJwtSecret = cli.Command{ |
|||
Name: "LFS_JWT_SECRET", |
|||
Usage: "Generate a new LFS_JWT_SECRET", |
|||
Action: runGenerateLfsJwtSecret, |
|||
} |
|||
|
|||
microcmdGenerateSecretKey = cli.Command{ |
|||
Name: "SECRET_KEY", |
|||
Usage: "Generate a new SECRET_KEY", |
|||
Action: runGenerateSecretKey, |
|||
} |
|||
) |
|||
|
|||
func runGenerateInternalToken(c *cli.Context) error { |
|||
internalToken, err := generate.NewInternalToken() |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
fmt.Printf("%s\n", internalToken) |
|||
return nil |
|||
} |
|||
|
|||
func runGenerateLfsJwtSecret(c *cli.Context) error { |
|||
JWTSecretBase64, err := generate.NewLfsJwtSecret() |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
fmt.Printf("%s\n", JWTSecretBase64) |
|||
return nil |
|||
} |
|||
|
|||
func runGenerateSecretKey(c *cli.Context) error { |
|||
secretKey, err := generate.NewSecretKey() |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
fmt.Printf("%s\n", secretKey) |
|||
return nil |
|||
} |
@ -0,0 +1,89 @@ |
|||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|||
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|||
// Use of this source code is governed by a MIT-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
package generate |
|||
|
|||
import ( |
|||
"crypto/rand" |
|||
"encoding/base64" |
|||
"io" |
|||
"math/big" |
|||
"time" |
|||
|
|||
"github.com/dgrijalva/jwt-go" |
|||
) |
|||
|
|||
// GetRandomString generate random string by specify chars.
|
|||
func GetRandomString(n int) (string, error) { |
|||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" |
|||
|
|||
buffer := make([]byte, n) |
|||
max := big.NewInt(int64(len(alphanum))) |
|||
|
|||
for i := 0; i < n; i++ { |
|||
index, err := randomInt(max) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
|
|||
buffer[i] = alphanum[index] |
|||
} |
|||
|
|||
return string(buffer), nil |
|||
} |
|||
|
|||
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
|
|||
func NewInternalToken() (string, error) { |
|||
secretBytes := make([]byte, 32) |
|||
_, err := io.ReadFull(rand.Reader, secretBytes) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
|
|||
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes) |
|||
|
|||
now := time.Now() |
|||
|
|||
var internalToken string |
|||
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ |
|||
"nbf": now.Unix(), |
|||
}).SignedString([]byte(secretKey)) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
|
|||
return internalToken, nil |
|||
} |
|||
|
|||
// NewLfsJwtSecret generate a new value intended to be used by LFS_JWT_SECRET.
|
|||
func NewLfsJwtSecret() (string, error) { |
|||
JWTSecretBytes := make([]byte, 32) |
|||
_, err := io.ReadFull(rand.Reader, JWTSecretBytes) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
|
|||
JWTSecretBase64 := base64.RawURLEncoding.EncodeToString(JWTSecretBytes) |
|||
return JWTSecretBase64, nil |
|||
} |
|||
|
|||
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
|
|||
func NewSecretKey() (string, error) { |
|||
secretKey, err := GetRandomString(64) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
|
|||
return secretKey, nil |
|||
} |
|||
|
|||
func randomInt(max *big.Int) (int, error) { |
|||
rand, err := rand.Int(rand.Reader, max) |
|||
if err != nil { |
|||
return 0, err |
|||
} |
|||
|
|||
return int(rand.Int64()), nil |
|||
} |
@ -0,0 +1,20 @@ |
|||
package generate |
|||
|
|||
import ( |
|||
"os" |
|||
"testing" |
|||
|
|||
"github.com/stretchr/testify/assert" |
|||
) |
|||
|
|||
func TestMain(m *testing.M) { |
|||
retVal := m.Run() |
|||
|
|||
os.Exit(retVal) |
|||
} |
|||
|
|||
func TestGetRandomString(t *testing.T) { |
|||
randomString, err := GetRandomString(4) |
|||
assert.NoError(t, err) |
|||
assert.Len(t, randomString, 4) |
|||
} |
Loading…
Reference in new issue