nune/gitea
nune/gitea
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Use general token signing secret (#29205)

Browse source 
Use a clearly defined "signing secret" for token signing.
This commit is contained in:
wxiaoguang 2024-02-19 01:39:04 +08:00 committed by GitHub
parent c2a8aacae5
commit 8be198cdef
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 82 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

4
services/packages/auth.go
View file

@ -33,7 +33,7 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString([]byte(setting.SecretKey))
tokenString, err := token.SignedString(setting.GetGeneralTokenSigningSecret())
if err != nil {
return "", err
}
@ -57,7 +57,7 @@ func ParseAuthorizationToken(req *http.Request) (int64, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
}
return []byte(setting.SecretKey), nil
return setting.GetGeneralTokenSigningSecret(), nil
})
if err != nil {
return 0, err