nune/gitea
nune/gitea
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Use general token signing secret (#29205) (#29325)

Browse source 
Backport #29205 (including #29172)

Use a clearly defined "signing secret" for token signing.
This commit is contained in:
wxiaoguang 2024-02-23 01:07:41 +08:00 committed by GitHub
parent 7ea2ffaf16
commit 511298e452
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 130 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/base/tool.go
View file

@ -129,7 +129,7 @@ func CreateTimeLimitCode(data string, minutes int, startInf any) string {
// create sha1 encode string
sh := sha1.New()
_, _ = sh.Write([]byte(fmt.Sprintf("%s%s%s%s%d", data, setting.SecretKey, startStr, endStr, minutes)))
_, _ = sh.Write([]byte(fmt.Sprintf("%s%s%s%s%d", data, hex.EncodeToString(setting.GetGeneralTokenSigningSecret()), startStr, endStr, minutes)))
encoded := hex.EncodeToString(sh.Sum(nil))
code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)