writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
262 Commits
45 Branches
297 MiB
 
 
 
 
 
Tree: 53a51be578
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53a51be578'
${ noResults }
writefreely/keys.go

106 lines
2.4 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"crypto/rand"

  15. 	"github.com/writeas/web-core/log"

  16. 	"io/ioutil"

  17. 	"os"

  18. 	"path/filepath"

  19. )

  20. 

  21. const (

  22. 	keysDir = "keys"

  23. 

  24. 	encKeysBytes = 32

  25. )

  26. 

  27. var (

  28. 	emailKeyPath      = filepath.Join(keysDir, "email.aes256")

  29. 	cookieAuthKeyPath = filepath.Join(keysDir, "cookies_auth.aes256")

  30. 	cookieKeyPath     = filepath.Join(keysDir, "cookies_enc.aes256")

  31. )

  32. 

  33. type keychain struct {

  34. 	emailKey, cookieAuthKey, cookieKey []byte

  35. }

  36. 

  37. func initKeys(app *app) error {

  38. 	var err error

  39. 	app.keys = &keychain{}

  40. 

  41. 	emailKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, emailKeyPath)

  42. 	if debugging {

  43. 		log.Info("  %s", emailKeyPath)

  44. 	}

  45. 	app.keys.emailKey, err = ioutil.ReadFile(emailKeyPath)

  46. 	if err != nil {

  47. 		return err

  48. 	}

  49. 

  50. 	cookieAuthKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieAuthKeyPath)

  51. 	if debugging {

  52. 		log.Info("  %s", cookieAuthKeyPath)

  53. 	}

  54. 	app.keys.cookieAuthKey, err = ioutil.ReadFile(cookieAuthKeyPath)

  55. 	if err != nil {

  56. 		return err

  57. 	}

  58. 

  59. 	cookieKeyPath = filepath.Join(app.cfg.Server.KeysParentDir, cookieKeyPath)

  60. 	if debugging {

  61. 		log.Info("  %s", cookieKeyPath)

  62. 	}

  63. 	app.keys.cookieKey, err = ioutil.ReadFile(cookieKeyPath)

  64. 	if err != nil {

  65. 		return err

  66. 	}

  67. 

  68. 	return nil

  69. }

  70. 

  71. // generateKey generates a key at the given path used for the encryption of

  72. // certain user data. Because user data becomes unrecoverable without these

  73. // keys, this won't overwrite any existing key, and instead outputs a message.

  74. func generateKey(path string) error {

  75. 	// Check if key file exists

  76. 	if _, err := os.Stat(path); !os.IsNotExist(err) {

  77. 		log.Info("%s already exists. rm the file if you understand the consquences.", path)

  78. 		return nil

  79. 	}

  80. 

  81. 	log.Info("Generating %s.", path)

  82. 	b, err := generateBytes(encKeysBytes)

  83. 	if err != nil {

  84. 		log.Error("FAILED. %s. Run writefreely --gen-keys again.", err)

  85. 		return err

  86. 	}

  87. 	err = ioutil.WriteFile(path, b, 0600)

  88. 	if err != nil {

  89. 		log.Error("FAILED writing file: %s", err)

  90. 		return err

  91. 	}

  92. 	log.Info("Success.")

  93. 	return nil

  94. }

  95. 

  96. // generateBytes returns securely generated random bytes.

  97. func generateBytes(n int) ([]byte, error) {

  98. 	b := make([]byte, n)

  99. 	_, err := rand.Read(b)

  100. 	if err != nil {

  101. 		return nil, err

  102. 	}

  103. 

  104. 	return b, nil

  105. }