lianguan/gitea
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add asymmetric JWT signing (#16010)

Browse Source 
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
This commit is contained in:
KN4CK3R
2021-06-17 23:56:46 +02:00
committed by GitHub
parent f7cd394680
commit 29695cd6d5
13 changed files with 481 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
modules/generate/generate.go
View File

@ -38,14 +38,23 @@ func NewInternalToken() (string, error) {
return internalToken, nil
}
// NewJwtSecret generate a new value intended to be used by LFS_JWT_SECRET.
func NewJwtSecret() (string, error) {
JWTSecretBytes := make([]byte, 32)
_, err := io.ReadFull(rand.Reader, JWTSecretBytes)
// NewJwtSecret generates a new value intended to be used for JWT secrets.
func NewJwtSecret() ([]byte, error) {
bytes := make([]byte, 32)
_, err := io.ReadFull(rand.Reader, bytes)
if err != nil {
return nil, err
}
return bytes, nil
}
// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
func NewJwtSecretBase64() (string, error) {
bytes, err := NewJwtSecret()
if err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(JWTSecretBytes), nil
return base64.RawURLEncoding.EncodeToString(bytes), nil
}
// NewSecretKey generate a new value intended to be used by SECRET_KEY.