Handle base64 decoding correctly to avoid panic (#26483)

Fix the panic if the "base64 secret" is too long.
2023-08-14 18:30:16 +08:00
parent cafce3b4b5
commit ed1be4ca68
8 changed files with 43 additions and 30 deletions
--- a/modules/generate/generate.go
+++ b/modules/generate/generate.go
@ -49,12 +49,12 @@ func NewJwtSecret() ([]byte, error) {
 }

 // NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
-func NewJwtSecretBase64() (string, error) {
+func NewJwtSecretBase64() ([]byte, string, error) {
 	bytes, err := NewJwtSecret()
 	if err != nil {
-		return "", err
+		return nil, "", err
 	}
-	return base64.RawURLEncoding.EncodeToString(bytes), nil
+	return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
 }

 // NewSecretKey generate a new value intended to be used by SECRET_KEY.