mirror of
https://github.com/go-gitea/gitea
synced 2025-11-03 12:58:29 +00:00
149 lines
3.3 KiB
Go
149 lines
3.3 KiB
Go
// Copyright 2021 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package secrets
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/models/db"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
|
|
"xorm.io/builder"
|
|
)
|
|
|
|
// MasterKeyProviderType is the type of master key provider
|
|
type MasterKeyProviderType string
|
|
|
|
// Types of master key providers
|
|
const (
|
|
MasterKeyProviderTypeNone MasterKeyProviderType = "none"
|
|
MasterKeyProviderTypePlain MasterKeyProviderType = "plain"
|
|
)
|
|
|
|
var (
|
|
masterKey MasterKeyProvider
|
|
encProvider EncryptionProvider
|
|
)
|
|
|
|
// Init initializes master key provider based on settings
|
|
func Init() error {
|
|
switch MasterKeyProviderType(setting.MasterKeyProvider) {
|
|
case MasterKeyProviderTypeNone:
|
|
masterKey = NewNopMasterKeyProvider()
|
|
case MasterKeyProviderTypePlain:
|
|
masterKey = NewPlainMasterKeyProvider()
|
|
default:
|
|
return fmt.Errorf("invalid master key provider %v", setting.MasterKeyProvider)
|
|
}
|
|
|
|
if err := masterKey.Init(); err != nil {
|
|
return err
|
|
}
|
|
|
|
encProvider = NewAesEncryptionProvider()
|
|
|
|
return nil
|
|
}
|
|
|
|
// GenerateMasterKey generates a new master key and returns secret or secrets for unsealing
|
|
func GenerateMasterKey() ([][]byte, error) {
|
|
return masterKey.GenerateMasterKey()
|
|
}
|
|
|
|
func Encrypt(secret []byte) ([]byte, error) {
|
|
key, err := masterKey.GetMasterKey()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(key) == 0 {
|
|
return secret, nil
|
|
}
|
|
|
|
return encProvider.Encrypt(secret, key)
|
|
}
|
|
|
|
func EncryptString(secret string) (string, error) {
|
|
key, err := masterKey.GetMasterKey()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
if len(key) == 0 {
|
|
return secret, nil
|
|
}
|
|
|
|
return encProvider.EncryptString(secret, key)
|
|
}
|
|
|
|
func Decrypt(enc []byte) ([]byte, error) {
|
|
key, err := masterKey.GetMasterKey()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(key) == 0 {
|
|
return enc, nil
|
|
}
|
|
|
|
return encProvider.Decrypt(enc, key)
|
|
}
|
|
|
|
func DecryptString(enc string) (string, error) {
|
|
key, err := masterKey.GetMasterKey()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
if len(key) == 0 {
|
|
return enc, nil
|
|
}
|
|
|
|
return encProvider.DecryptString(enc, key)
|
|
}
|
|
|
|
func InsertRepoSecret(ctx context.Context, repoID int64, key, data string, pullRequest bool) error {
|
|
v, err := EncryptString(data)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return db.Insert(ctx, &auth_model.Secret{
|
|
RepoID: repoID,
|
|
Name: key,
|
|
Data: v,
|
|
PullRequest: pullRequest,
|
|
})
|
|
}
|
|
|
|
func InsertOrgSecret(ctx context.Context, userID int64, key, data string, pullRequest bool) error {
|
|
v, err := EncryptString(data)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return db.Insert(ctx, &auth_model.Secret{
|
|
UserID: userID,
|
|
Name: key,
|
|
Data: v,
|
|
PullRequest: pullRequest,
|
|
})
|
|
}
|
|
|
|
func DeleteSecretByID(ctx context.Context, id int64) error {
|
|
_, err := db.DeleteByBean(ctx, &auth_model.Secret{ID: id})
|
|
return err
|
|
}
|
|
|
|
func FindRepoSecrets(ctx context.Context, repoID int64) ([]*auth_model.Secret, error) {
|
|
var res []*auth_model.Secret
|
|
return res, db.FindObjects(ctx, builder.Eq{"repo_id": repoID}, nil, &res)
|
|
}
|
|
|
|
func FindUserSecrets(ctx context.Context, userID int64) ([]*auth_model.Secret, error) {
|
|
var res []*auth_model.Secret
|
|
return res, db.FindObjects(ctx, builder.Eq{"user_id": userID}, nil, &res)
|
|
}
|