mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-23 23:29:15 +01:00
switch secret generation to use lib
This commit is contained in:
parent
83e7e30218
commit
2b1965c941
@ -4,10 +4,10 @@ import (
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
"hash/crc32"
|
||||
"math/rand"
|
||||
"time"
|
||||
|
||||
"codeberg.org/ac/base62"
|
||||
b "github.com/hashicorp/go-secure-stdlib/base62"
|
||||
"github.com/rs/xid"
|
||||
)
|
||||
|
||||
@ -25,8 +25,11 @@ type PersonalAccessToken struct {
|
||||
|
||||
// CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User.
|
||||
// Additionally, it will return the token in plain text once, to give to the user and only save a hashed version
|
||||
func CreateNewPAT(description string, expirationInDays int, createdBy string) (*PersonalAccessToken, string) {
|
||||
hashedToken, plainToken := generateNewToken()
|
||||
func CreateNewPAT(description string, expirationInDays int, createdBy string) (*PersonalAccessToken, string, error) {
|
||||
hashedToken, plainToken, err := generateNewToken()
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
currentTime := time.Now().UTC()
|
||||
return &PersonalAccessToken{
|
||||
ID: xid.New().String(),
|
||||
@ -36,26 +39,19 @@ func CreateNewPAT(description string, expirationInDays int, createdBy string) (*
|
||||
CreatedBy: createdBy,
|
||||
CreatedAt: currentTime,
|
||||
LastUsed: currentTime,
|
||||
}, plainToken
|
||||
}, plainToken, nil
|
||||
}
|
||||
|
||||
func generateNewToken() (string, string) {
|
||||
secret := randStringRunes(30)
|
||||
func generateNewToken() (string, string, error) {
|
||||
secret, err := b.Random(30)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
checksum := crc32.ChecksumIEEE([]byte(secret))
|
||||
encodedChecksum := base62.Encode(checksum)
|
||||
paddedChecksum := fmt.Sprintf("%06s", encodedChecksum)
|
||||
plainToken := "nbp_" + secret + paddedChecksum
|
||||
hashedToken := sha256.Sum256([]byte(plainToken))
|
||||
return string(hashedToken[:]), plainToken
|
||||
}
|
||||
|
||||
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
|
||||
|
||||
func randStringRunes(n int) string {
|
||||
b := make([]rune, n)
|
||||
for i := range b {
|
||||
b[i] = letterRunes[rand.Intn(len(letterRunes))]
|
||||
}
|
||||
return string(b)
|
||||
return string(hashedToken[:]), plainToken, nil
|
||||
}
|
||||
|
@ -11,19 +11,19 @@ import (
|
||||
)
|
||||
|
||||
func TestPAT_GenerateToken_Hashing(t *testing.T) {
|
||||
hashedToken, plainToken := generateNewToken()
|
||||
hashedToken, plainToken, _ := generateNewToken()
|
||||
expectedToken := sha256.Sum256([]byte(plainToken))
|
||||
assert.Equal(t, hashedToken, string(expectedToken[:]))
|
||||
}
|
||||
|
||||
func TestPAT_GenerateToken_Prefix(t *testing.T) {
|
||||
_, plainToken := generateNewToken()
|
||||
_, plainToken, _ := generateNewToken()
|
||||
fourCharPrefix := plainToken[:4]
|
||||
assert.Equal(t, "nbp_", fourCharPrefix)
|
||||
}
|
||||
|
||||
func TestPAT_GenerateToken_Checksum(t *testing.T) {
|
||||
_, plainToken := generateNewToken()
|
||||
_, plainToken, _ := generateNewToken()
|
||||
tokenWithoutPrefix := strings.Split(plainToken, "_")[1]
|
||||
if len(tokenWithoutPrefix) != 36 {
|
||||
t.Fatal("Token has wrong length")
|
||||
|
Loading…
Reference in New Issue
Block a user