writefreely
/
writefreely
镜像来自 https://github.com/writefreely/writefreely.git
2
0
複製 0
程式碼 問題管理 版本發佈 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
273 Commit
45 分支
128 MiB
 
 
 
 
 
目錄樹: 3a6118c207
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '3a6118c207'
${ noResults }
writefreely/keys.go

112 line
2.5 KiB
原始文件 Blame 文件歷史 

  1. /*

  2.  * Copyright © 2018 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"crypto/rand"

  15. 	"github.com/writeas/web-core/log"

  16. 	"io/ioutil"

  17. 	"os"

  18. 	"path/filepath"

  19. )

  20. 

  21. const (

  22. 	keysDir = "keys"

  23. 

  24. 	encKeysBytes = 32

  25. )

  26. 

  27. var (

  28. 	emailKeyPath      = filepath.Join(keysDir, "email.aes256")

  29. 	cookieAuthKeyPath = filepath.Join(keysDir, "cookies_auth.aes256")

  30. 	cookieKeyPath     = filepath.Join(keysDir, "cookies_enc.aes256")

  31. )

  32. 

  33. type keychain struct {

  34. 	emailKey, cookieAuthKey, cookieKey []byte

  35. }

  36. 

  37. func initKeyPaths(app *app) {

  38. 	emailKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, emailKeyPath)

  39. 	cookieAuthKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieAuthKeyPath)

  40. 	cookieKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieKeyPath)

  41. }

  42. 

  43. func initKeys(app *app) error {

  44. 	var err error

  45. 	app.keys = &keychain{}

  46. 

  47. 	if debugging {

  48. 		log.Info("  %s", emailKeyPath)

  49. 	}

  50. 	app.keys.emailKey, err = ioutil.ReadFile(emailKeyPath)

  51. 	if err != nil {

  52. 		return err

  53. 	}

  54. 

  55. 	if debugging {

  56. 		log.Info("  %s", cookieAuthKeyPath)

  57. 	}

  58. 	app.keys.cookieAuthKey, err = ioutil.ReadFile(cookieAuthKeyPath)

  59. 	if err != nil {

  60. 		return err

  61. 	}

  62. 

  63. 	if debugging {

  64. 		log.Info("  %s", cookieKeyPath)

  65. 	}

  66. 	app.keys.cookieKey, err = ioutil.ReadFile(cookieKeyPath)

  67. 	if err != nil {

  68. 		return err

  69. 	}

  70. 

  71. 	return nil

  72. }

  73. 

  74. // generateKey generates a key at the given path used for the encryption of

  75. // certain user data. Because user data becomes unrecoverable without these

  76. // keys, this won't overwrite any existing key, and instead outputs a message.

  77. func generateKey(path string) error {

  78. 	// Check if key file exists

  79. 	if _, err := os.Stat(path); err == nil {

  80. 		log.Info("%s already exists. rm the file if you understand the consquences.", path)

  81. 		return nil

  82. 	} else if !os.IsNotExist(err) {

  83. 		log.Error("%s", err)

  84. 		return err

  85. 	}

  86. 

  87. 	log.Info("Generating %s.", path)

  88. 	b, err := generateBytes(encKeysBytes)

  89. 	if err != nil {

  90. 		log.Error("FAILED. %s. Run writefreely --gen-keys again.", err)

  91. 		return err

  92. 	}

  93. 	err = ioutil.WriteFile(path, b, 0600)

  94. 	if err != nil {

  95. 		log.Error("FAILED writing file: %s", err)

  96. 		return err

  97. 	}

  98. 	log.Info("Success.")

  99. 	return nil

  100. }

  101. 

  102. // generateBytes returns securely generated random bytes.

  103. func generateBytes(n int) ([]byte, error) {

  104. 	b := make([]byte, n)

  105. 	_, err := rand.Read(b)

  106. 	if err != nil {

  107. 		return nil, err

  108. 	}

  109. 

  110. 	return b, nil

  111. }