GitCaddy/GitCaddy Server
Limited
2
0
Fork 0
Code Issues Releases 4
Files
main
gitcaddy-server/modules/generate/generate.go
logikonline 12f4ea03a8
Some checks failed
Build and Release / Create Release (push) Successful in 0s
Details
Trigger Vault Plugin Rebuild / Trigger Vault Rebuild (push) Successful in 0s
Details
Build and Release / Integration Tests (PostgreSQL) (push) Successful in 2m48s
Details
Build and Release / Lint (push) Failing after 5m2s
Details
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, darwin, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (arm64, darwin, linux-latest) (push) Has been skipped
Details
Build and Release / Build Binaries (arm64, linux, linux-latest) (push) Has been skipped
Details
Build and Release / Unit Tests (push) Successful in 5m37s
Details
refactor: add /v3 suffix to module path for proper Go semver 
Go's semantic import versioning requires v2+ modules to include the
major version in the module path. This enables using proper version
tags (v3.x.x) instead of pseudo-versions.

Updated module path: code.gitcaddy.com/server/v3
2026-01-17 17:53:59 -05:00

75 lines
2.0 KiB
Go
Raw Permalink Blame History

// Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2016 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package generate
import (
"crypto/rand"
"encoding/base64"
"fmt"
"io"
"time"
"code.gitcaddy.com/server/v3/modules/util"
"github.com/golang-jwt/jwt/v5"
)
// NewInternalToken generate a new value intended to be used by INTERNAL_TOKEN.
func NewInternalToken() (string, error) {
secretBytes := make([]byte, 32)
_, err := io.ReadFull(rand.Reader, secretBytes)
if err != nil {
return "", err
}
secretKey := base64.RawURLEncoding.EncodeToString(secretBytes)
now := time.Now()
var internalToken string
internalToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"nbf": now.Unix(),
}).SignedString([]byte(secretKey))
if err != nil {
return "", err
}
return internalToken, nil
}
const defaultJwtSecretLen = 32
// DecodeJwtSecretBase64 decodes a base64 encoded jwt secret into bytes, and check its length
func DecodeJwtSecretBase64(src string) ([]byte, error) {
encoding := base64.RawURLEncoding
decoded := make([]byte, encoding.DecodedLen(len(src))+3)
if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
return nil, err
} else if n != defaultJwtSecretLen {
return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
}
return decoded[:defaultJwtSecretLen], nil
}
// NewJwtSecretWithBase64 generates a jwt secret with its base64 encoded value intended to be used for saving into config file
func NewJwtSecretWithBase64() ([]byte, string, error) {
bytes := make([]byte, defaultJwtSecretLen)
_, err := io.ReadFull(rand.Reader, bytes)
if err != nil {
return nil, "", err
}
return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
}
// NewSecretKey generate a new value intended to be used by SECRET_KEY.
func NewSecretKey() (string, error) {
secretKey, err := util.CryptoRandomString(64)
if err != nil {
return "", err
}
return secretKey, nil
}
Reference in New Issue View Git Blame Copy Permalink