Implements generator cli for secrets (#3531)

Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>
2025-07-22 18:28:37 +00:00 · 2018-02-18 18:14:37 +00:00
parent e59fe7c8d9
commit 96c268c0fc
12 changed files with 215 additions and 67 deletions
--- a/routers/install.go
+++ b/routers/install.go
@@ -20,6 +20,7 @@ import (
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/user"
@@ -275,7 +276,12 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
 	if form.LFSRootPath != "" {
 		cfg.Section("server").Key("LFS_START_SERVER").SetValue("true")
 		cfg.Section("server").Key("LFS_CONTENT_PATH").SetValue(form.LFSRootPath)
-		cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(base.GetRandomBytesAsBase64(32))
+		var secretKey string
+		if secretKey, err = generate.NewLfsJwtSecret(); err != nil {
+			ctx.RenderWithErr(ctx.Tr("install.lfs_jwt_secret_failed", err), tplInstall, &form)
+			return
+		}
+		cfg.Section("server").Key("LFS_JWT_SECRET").SetValue(secretKey)
 	} else {
 		cfg.Section("server").Key("LFS_START_SERVER").SetValue("false")
 	}
@@ -315,7 +321,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {

 	cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
 	var secretKey string
-	if secretKey, err = base.GetRandomString(10); err != nil {
+	if secretKey, err = generate.NewSecretKey(); err != nil {
 		ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
 		return
 	}
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/auth/openid"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

@@ -348,7 +349,7 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si
 	if len < 256 {
 		len = 256
 	}
-	password, err := base.GetRandomString(len)
+	password, err := generate.GetRandomString(len)
 	if err != nil {
 		ctx.RenderWithErr(err.Error(), tplSignUpOID, form)
 		return