Add simple master key provider for secret encryption
@@ -9,6 +9,7 @@ import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"io"
|
||||
"math/big"
|
||||
"time"
|
||||
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
@@ -67,3 +68,23 @@ func NewSecretKey() (string, error) {
|
||||
|
||||
return secretKey, nil
|
||||
}
|
||||
|
||||
// NewMasterKey generate a new value intended to be used by MASTER_KEY.
|
||||
func NewMasterKey() ([]byte, error) {
|
||||
secretBytes := make([]byte, 32)
|
||||
_, err := io.ReadFull(rand.Reader, secretBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return secretBytes, nil
|
||||
}
|
||||
|
||||
func randomInt(max *big.Int) (int, error) {
|
||||
rand, err := rand.Int(rand.Reader, max)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
return int(rand.Int64()), nil
|
||||
}
|
||||
|
||||
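Review bot: NewMasterKey hard-codes the key size as a bare `32`, and its doc comment does not say that the result is raw bytes, while the settings loader in this commit base64-decodes `MASTER_KEY`. A named constant for the size would give the loader something to check the decoded length against, and the comment could read `// NewMasterKey returns 32 random bytes read from crypto/rand; base64-encode them (StdEncoding) before storing them as MASTER_KEY.` In randomInt, which appears to be added by the same hunk, the local variable `rand` shadows the crypto/rand package for the rest of the function; `n, err := rand.Int(rand.Reader, max)` avoids that.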
@@ -215,6 +215,8 @@ var (
|
||||
HMACKey string `ini:"HMAC_KEY"`
|
||||
Allways bool
|
||||
}{}
|
||||
MasterKeyProvider string
|
||||
MasterKey []byte
|
||||
|
||||
// UI settings
|
||||
UI = struct {
|
||||
@@ -964,6 +966,20 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
|
||||
PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
|
||||
SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
|
||||
|
||||
// Master key provider configuration
|
||||
MasterKeyProvider = sec.Key("MASTER_KEY_PROVIDER").MustString("none")
|
||||
switch MasterKeyProvider {
|
||||
case "plain":
|
||||
if MasterKey, err = base64.StdEncoding.DecodeString(sec.Key("MASTER_KEY").MustString("")); err != nil {
|
||||
log.Fatal("error loading master key: %v", err)
|
||||
return
|
||||
}
|
||||
case "none":
|
||||
default:
|
||||
log.Fatal("invalid master key provider type: %v", MasterKeyProvider)
|
||||
return
|
||||
}
|
||||
|
||||
InternalToken = loadSecret(sec, "INTERNAL_TOKEN_URI", "INTERNAL_TOKEN")
|
||||
if InstallLock && InternalToken == "" {
|
||||
// if Gitea has been installed but the InternalToken hasn't been generated (upgrade from an old release), we should generate
|
||||
|
||||
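Review bot: The `case "plain":` branch accepts a key of any length: when `MASTER_KEY` is unset or empty, `DecodeString("")` returns an empty slice and a nil error, so startup continues with a zero-length MasterKey. Since NewMasterKey produces 32 bytes, the branch should reject anything else after decoding, e.g. `if len(MasterKey) != 32 { log.Fatal("invalid master key length: %d bytes", len(MasterKey)) }`. A comment on the option should also state that with `plain` the key is stored in the configuration file itself, so that file's permissions are what protect the encrypted secrets; how MasterKey is consumed is not visible here. loadFromConf starts and ends outside the hunk.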
@@ -79,6 +79,11 @@ func GetInclude(field reflect.StructField) string {
|
||||
return getRuleBody(field, "Include(")
|
||||
}
|
||||
|
||||
// GetIn get allowed values in form tag
|
||||
func GetIn(field reflect.StructField) string {
|
||||
return getRuleBody(field, "In(")
|
||||
}
|
||||
|
||||
// Validate validate TODO:
|
||||
func Validate(errs binding.Errors, data map[string]interface{}, f Form, l translation.Locale) binding.Errors {
|
||||
if errs.Len() == 0 {
|
||||
@@ -131,6 +136,8 @@ func Validate(errs binding.Errors, data map[string]interface{}, f Form, l transl
|
||||
data["ErrorMsg"] = trName + l.Tr("form.url_error", errs[0].Message)
|
||||
case binding.ERR_INCLUDE:
|
||||
data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))
|
||||
case binding.ERR_IN:
|
||||
data["ErrorMsg"] = trName + l.Tr("form.in_error", strings.Join(strings.Split(GetIn(field), ","), ", "))
|
||||
case validation.ErrGlobPattern:
|
||||
data["ErrorMsg"] = trName + l.Tr("form.glob_pattern_error", errs[0].Message)
|
||||
case validation.ErrRegexPattern:
|
||||
|
||||
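Review bot: In the `binding.ERR_IN` case, the `strings.Join(strings.Split(GetIn(field), ","), ", ")` round trip only inserts a space after each comma; `strings.ReplaceAll(GetIn(field), ",", ", ")` says that directly. The doc comment on GetIn would read better as `// GetIn returns the allowed values from the In(...) rule of the field's form tag.` Validate starts and ends outside both hunks.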