tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-07 19:17:21 +00:00
Code Releases Activity

Use general token signing secret (#29205) (#29325)

Browse Source 
Backport #29205 (including #29172)

Use a clearly defined "signing secret" for token signing.
This commit is contained in:
wxiaoguang
2024-02-23 01:07:41 +08:00
committed by GitHub
parent 7ea2ffaf16
commit 511298e452
13 changed files with 130 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/base/tool.go
View File

@ -129,7 +129,7 @@ func CreateTimeLimitCode(data string, minutes int, startInf any) string {
// create sha1 encode string
sh := sha1.New()
_, _ = sh.Write([]byte(fmt.Sprintf("%s%s%s%s%d", data, setting.SecretKey, startStr, endStr, minutes)))
_, _ = sh.Write([]byte(fmt.Sprintf("%s%s%s%s%d", data, hex.EncodeToString(setting.GetGeneralTokenSigningSecret()), startStr, endStr, minutes)))
encoded := hex.EncodeToString(sh.Sum(nil))
code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)