mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-30 20:00:37 +00:00
0f9f6567bb
Bumping `github.com/golang-jwt/jwt` from v4 to v5. `github.com/golang-jwt/jwt` v5 is bringing some breaking changes: - standard `Valid()` method on claims is removed. It's replaced by `ClaimsValidator` interface implementing `Validator()` method instead, which is called after standard validation. Gitea doesn't seem to be using this logic. - `jwt.Token` has a field `Valid`, so it's checked in `ParseToken` function in `services/auth/source/oauth2/token.go` --------- Co-authored-by: Giteabot <teabot@gitea.io>
68 lines
1.5 KiB
Go
68 lines
1.5 KiB
Go
// Copyright 2016 The Gogs Authors. All rights reserved.
|
|
// Copyright 2016 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package generate
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"io"
|
|
"time"
|
|
|
|
"code.gitea.io/gitea/modules/util"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
|
|
func NewInternalToken() (string, error) {
|
|
secretBytes := make([]byte, 32)
|
|
_, err := io.ReadFull(rand.Reader, secretBytes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
|
|
|
|
now := time.Now()
|
|
|
|
var internalToken string
|
|
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
"nbf": now.Unix(),
|
|
}).SignedString([]byte(secretKey))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return internalToken, nil
|
|
}
|
|
|
|
// NewJwtSecret generates a new value intended to be used for JWT secrets.
|
|
func NewJwtSecret() ([]byte, error) {
|
|
bytes := make([]byte, 32)
|
|
_, err := io.ReadFull(rand.Reader, bytes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return bytes, nil
|
|
}
|
|
|
|
// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
|
|
func NewJwtSecretBase64() (string, error) {
|
|
bytes, err := NewJwtSecret()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return base64.RawURLEncoding.EncodeToString(bytes), nil
|
|
}
|
|
|
|
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
|
|
func NewSecretKey() (string, error) {
|
|
secretKey, err := util.CryptoRandomString(64)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return secretKey, nil
|
|
}
|