mirror of
https://github.com/writefreely/writefreely
synced 2024-11-24 17:43:05 +00:00
b092421f6e
This requires admins to generate a new encryption key with: writefreely keys generate Ref T319
69 lines
1.5 KiB
Go
69 lines
1.5 KiB
Go
/*
|
|
* Copyright © 2019, 2021 A Bunch Tell LLC.
|
|
*
|
|
* This file is part of WriteFreely.
|
|
*
|
|
* WriteFreely is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, included
|
|
* in the LICENSE file in this source code package.
|
|
*/
|
|
|
|
// Package key holds application keys and utilities around generating them.
|
|
package key
|
|
|
|
import (
|
|
"crypto/rand"
|
|
)
|
|
|
|
const (
|
|
EncKeysBytes = 32
|
|
)
|
|
|
|
type Keychain struct {
|
|
EmailKey, CookieAuthKey, CookieKey, CSRFKey []byte
|
|
}
|
|
|
|
// GenerateKeys generates necessary keys for the app on the given Keychain,
|
|
// skipping any that already exist.
|
|
func (keys *Keychain) GenerateKeys() error {
|
|
// Generate keys only if they don't already exist
|
|
// TODO: use something like https://github.com/hashicorp/go-multierror to return errors
|
|
var err, keyErrs error
|
|
if len(keys.EmailKey) == 0 {
|
|
keys.EmailKey, err = GenerateBytes(EncKeysBytes)
|
|
if err != nil {
|
|
keyErrs = err
|
|
}
|
|
}
|
|
if len(keys.CookieAuthKey) == 0 {
|
|
keys.CookieAuthKey, err = GenerateBytes(EncKeysBytes)
|
|
if err != nil {
|
|
keyErrs = err
|
|
}
|
|
}
|
|
if len(keys.CookieKey) == 0 {
|
|
keys.CookieKey, err = GenerateBytes(EncKeysBytes)
|
|
if err != nil {
|
|
keyErrs = err
|
|
}
|
|
}
|
|
if len(keys.CSRFKey) == 0 {
|
|
keys.CSRFKey, err = GenerateBytes(EncKeysBytes)
|
|
if err != nil {
|
|
keyErrs = err
|
|
}
|
|
}
|
|
|
|
return keyErrs
|
|
}
|
|
|
|
// GenerateBytes returns securely generated random bytes.
|
|
func GenerateBytes(n int) ([]byte, error) {
|
|
b := make([]byte, n)
|
|
_, err := rand.Read(b)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return b, nil
|
|
}
|