-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implements generator cli for secrets (#3531)
Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>
- Loading branch information
Showing
12 changed files
with
215 additions
and
67 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
// Copyright 2016 The Gogs Authors. All rights reserved. | ||
// Copyright 2016 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
|
||
"code.gitea.io/gitea/modules/generate" | ||
|
||
"github.com/urfave/cli" | ||
) | ||
|
||
var ( | ||
// CmdGenerate represents the available generate sub-command. | ||
CmdGenerate = cli.Command{ | ||
Name: "generate", | ||
Usage: "Command line interface for running generators", | ||
Subcommands: []cli.Command{ | ||
subcmdSecret, | ||
}, | ||
} | ||
|
||
subcmdSecret = cli.Command{ | ||
Name: "secret", | ||
Usage: "Generate a secret token", | ||
Subcommands: []cli.Command{ | ||
microcmdGenerateInternalToken, | ||
microcmdGenerateLfsJwtSecret, | ||
microcmdGenerateSecretKey, | ||
}, | ||
} | ||
|
||
microcmdGenerateInternalToken = cli.Command{ | ||
Name: "INTERNAL_TOKEN", | ||
Usage: "Generate a new INTERNAL_TOKEN", | ||
Action: runGenerateInternalToken, | ||
} | ||
|
||
microcmdGenerateLfsJwtSecret = cli.Command{ | ||
Name: "LFS_JWT_SECRET", | ||
Usage: "Generate a new LFS_JWT_SECRET", | ||
Action: runGenerateLfsJwtSecret, | ||
} | ||
|
||
microcmdGenerateSecretKey = cli.Command{ | ||
Name: "SECRET_KEY", | ||
Usage: "Generate a new SECRET_KEY", | ||
Action: runGenerateSecretKey, | ||
} | ||
) | ||
|
||
func runGenerateInternalToken(c *cli.Context) error { | ||
internalToken, err := generate.NewInternalToken() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
fmt.Printf("%s\n", internalToken) | ||
return nil | ||
} | ||
|
||
func runGenerateLfsJwtSecret(c *cli.Context) error { | ||
JWTSecretBase64, err := generate.NewLfsJwtSecret() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
fmt.Printf("%s\n", JWTSecretBase64) | ||
return nil | ||
} | ||
|
||
func runGenerateSecretKey(c *cli.Context) error { | ||
secretKey, err := generate.NewSecretKey() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
fmt.Printf("%s\n", secretKey) | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
// Copyright 2016 The Gogs Authors. All rights reserved. | ||
// Copyright 2016 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package generate | ||
|
||
import ( | ||
"crypto/rand" | ||
"encoding/base64" | ||
"io" | ||
"math/big" | ||
"time" | ||
|
||
"github.com/dgrijalva/jwt-go" | ||
) | ||
|
||
// GetRandomString generate random string by specify chars. | ||
func GetRandomString(n int) (string, error) { | ||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" | ||
|
||
buffer := make([]byte, n) | ||
max := big.NewInt(int64(len(alphanum))) | ||
|
||
for i := 0; i < n; i++ { | ||
index, err := randomInt(max) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
buffer[i] = alphanum[index] | ||
} | ||
|
||
return string(buffer), nil | ||
} | ||
|
||
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN. | ||
func NewInternalToken() (string, error) { | ||
secretBytes := make([]byte, 32) | ||
_, err := io.ReadFull(rand.Reader, secretBytes) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes) | ||
|
||
now := time.Now() | ||
|
||
var internalToken string | ||
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ | ||
"nbf": now.Unix(), | ||
}).SignedString([]byte(secretKey)) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
return internalToken, nil | ||
} | ||
|
||
// NewLfsJwtSecret generate a new value intended to be used by LFS_JWT_SECRET. | ||
func NewLfsJwtSecret() (string, error) { | ||
JWTSecretBytes := make([]byte, 32) | ||
_, err := io.ReadFull(rand.Reader, JWTSecretBytes) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
JWTSecretBase64 := base64.RawURLEncoding.EncodeToString(JWTSecretBytes) | ||
return JWTSecretBase64, nil | ||
} | ||
|
||
// NewSecretKey generate a new value intended to be used by SECRET_KEY. | ||
func NewSecretKey() (string, error) { | ||
secretKey, err := GetRandomString(64) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
return secretKey, nil | ||
} | ||
|
||
func randomInt(max *big.Int) (int, error) { | ||
rand, err := rand.Int(rand.Reader, max) | ||
if err != nil { | ||
return 0, err | ||
} | ||
|
||
return int(rand.Int64()), nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package generate | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestMain(m *testing.M) { | ||
retVal := m.Run() | ||
|
||
os.Exit(retVal) | ||
} | ||
|
||
func TestGetRandomString(t *testing.T) { | ||
randomString, err := GetRandomString(4) | ||
assert.NoError(t, err) | ||
assert.Len(t, randomString, 4) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.