// Source: code.gitea.io/gitea@v1.19.3/modules/generate/generate.go

// Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2016 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package generate

import (
	"crypto/rand"
	"encoding/base64"
	"io"
	"time"

	"code.gitea.io/gitea/modules/util"

	"github.com/golang-jwt/jwt/v4"
)

// NewInternalToken generates a new value intended to be used by INTERNAL_TOKEN.
//
// The result is an HS256-signed JWT whose only claim is "nbf", set to the
// current Unix time. The HMAC key is built inside this function from 32 bytes
// of crypto/rand output and is neither returned nor stored, so the token
// cannot be re-verified against that key later; its unpredictability comes
// from the signature computed under the discarded key.
func NewInternalToken() (string, error) {
	seed := make([]byte, 32)
	// io.ReadFull reports a short read as an error, so a partially filled
	// (partly zero) buffer is never used as key material.
	if _, err := io.ReadFull(rand.Reader, seed); err != nil {
		return "", err
	}

	// The signer receives the ASCII text of the unpadded URL-safe base64
	// encoding, not the raw seed bytes.
	hmacKey := []byte(base64.RawURLEncoding.EncodeToString(seed))

	// NOTE(review): only "nbf" is set, no "exp"; presumably the consumer
	// treats the configured value as an opaque shared secret and any lifetime
	// limit comes from rotating it. Confirm against the caller.
	claims := jwt.MapClaims{"nbf": time.Now().Unix()}
	signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(hmacKey)
	if err != nil {
		return "", err
	}

	return signed, nil
}

// NewJwtSecret generates a new value intended to be used for JWT secrets.
//
// It returns 32 bytes (256 bits) read from crypto/rand, or nil together with
// the read error. The slice is raw key material and should stay out of logs
// and error text.
func NewJwtSecret() ([]byte, error) {
	// Named "secret" so the local cannot be mistaken for the standard bytes package.
	secret := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, secret); err != nil {
		return nil, err
	}
	return secret, nil
}

// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
//
// The encoding is base64.RawURLEncoding (URL-safe alphabet, no '=' padding),
// so whatever reads the value back has to decode it with the same encoding.
func NewJwtSecretBase64() (string, error) {
	raw, err := NewJwtSecret()
	if err != nil {
		return "", err
	}
	encoded := base64.RawURLEncoding.EncodeToString(raw)
	return encoded, nil
}

// NewSecretKey generates a new value intended to be used by SECRET_KEY.
//
// NOTE(review): the value comes from util.CryptoRandomString(64); the
// alphabet it draws from, and therefore the entropy per character, is defined
// in modules/util and is not visible here. Confirm there.
func NewSecretKey() (string, error) {
	const keyLen = 64

	key, err := util.CryptoRandomString(keyLen)
	if err != nil {
		return "", err
	}

	return key, nil
}