From c0fc53e22602fc4b3c8d890d235d0911bef074fe Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.io>
Date: Thu, 22 Jun 2023 20:16:12 -0400
Subject: [PATCH] Import additional secrets via file uri (#25408)

---
 modules/setting/lfs.go      | 2 ++
 modules/setting/oauth2.go   | 2 ++
 modules/setting/security.go | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
index 140a96f9ed..784a99582d 100644
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -53,6 +53,8 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 		return nil
 	}
 
+	LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("lfs"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
+
 	LFS.JWTSecretBytes = make([]byte, 32)
 	n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64))
 
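Review bot: A value read through `LFS_JWT_SECRET_URI` reaches the `base64.RawURLEncoding.Decode` call with no visible guarantee that a bad file-sourced secret is rejected; the handling of `n, err` is outside the hunk. If that code falls back to generating a fresh secret and saving it under `LFS_JWT_SECRET`, a malformed or wrongly sized secret file would be silently replaced and the config would end up carrying both keys. When the URI key is set, the failure should stop startup instead, e.g. `log.Fatal("LFS_JWT_SECRET_URI does not contain a valid 32-byte base64url secret")`. The same question applies to the `JWT_SECRET_URI` line added in modules/setting/oauth2.go, where the consumer of `OAuth2.JWTSecretBase64` is not visible either.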
diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go
index 83c607a416..9113d72e8e 100644
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@@ -116,6 +116,8 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 		return
 	}
 
+	OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET")
+
 	if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
 		OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
 	}
diff --git a/modules/setting/security.go b/modules/setting/security.go
index c39eb7f3eb..5f1f9f4ade 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -76,7 +76,7 @@ func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string {
 
 	// only file URIs are allowed
 	default:
-		log.Fatal("Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri)
+		log.Fatal("Unsupported URI-Scheme %q (%q = %q)", tempURI.Scheme, uriKey, uri)
 		return ""
 	}
 }
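Review bot: The rejected URI is still written to the log verbatim on the new `log.Fatal` line, and this branch runs exactly when the scheme is not `file`, so a mistakenly configured `https://user:pass@host/...` value would put its credentials in the log. Assuming `tempURI` is the `*url.URL` returned by `url.Parse`, log the redacted form instead of `uri`: `log.Fatal("Unsupported URI-Scheme %q (%q = %q)", tempURI.Scheme, uriKey, tempURI.Redacted())`. `Redacted` masks only the userinfo password, so a token carried in a query string would still appear. The body of loadSecret starts outside the hunk.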