Use single shared random string generation function (#15741)

* Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com>
2025-11-04 08:30:25 +08:00 · 2021-05-10 08:45:17 +02:00
parent 270aab429e
commit 1e6fa57acb
15 changed files with 100 additions and 192 deletions
--- a/modules/context/secret.go
+++ b/modules/context/secret.go
@@ -1,100 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package context
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/base64"
-	"errors"
-	"io"
-)
-
-// NewSecret creates a new secret
-func NewSecret() (string, error) {
-	return NewSecretWithLength(32)
-}
-
-// NewSecretWithLength creates a new secret for a given length
-func NewSecretWithLength(length int64) (string, error) {
-	return randomString(length)
-}
-
-func randomBytes(len int64) ([]byte, error) {
-	b := make([]byte, len)
-	if _, err := rand.Read(b); err != nil {
-		return nil, err
-	}
-	return b, nil
-}
-
-func randomString(len int64) (string, error) {
-	b, err := randomBytes(len)
-	return base64.URLEncoding.EncodeToString(b), err
-}
-
-// AesEncrypt encrypts text and given key with AES.
-func AesEncrypt(key, text []byte) ([]byte, error) {
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	b := base64.StdEncoding.EncodeToString(text)
-	ciphertext := make([]byte, aes.BlockSize+len(b))
-	iv := ciphertext[:aes.BlockSize]
-	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
-		return nil, err
-	}
-	cfb := cipher.NewCFBEncrypter(block, iv)
-	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
-	return ciphertext, nil
-}
-
-// AesDecrypt decrypts text and given key with AES.
-func AesDecrypt(key, text []byte) ([]byte, error) {
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	if len(text) < aes.BlockSize {
-		return nil, errors.New("ciphertext too short")
-	}
-	iv := text[:aes.BlockSize]
-	text = text[aes.BlockSize:]
-	cfb := cipher.NewCFBDecrypter(block, iv)
-	cfb.XORKeyStream(text, text)
-	data, err := base64.StdEncoding.DecodeString(string(text))
-	if err != nil {
-		return nil, err
-	}
-	return data, nil
-}
-
-// EncryptSecret encrypts a string with given key into a hex string
-func EncryptSecret(key string, str string) (string, error) {
-	keyHash := sha256.Sum256([]byte(key))
-	plaintext := []byte(str)
-	ciphertext, err := AesEncrypt(keyHash[:], plaintext)
-	if err != nil {
-		return "", err
-	}
-	return base64.StdEncoding.EncodeToString(ciphertext), nil
-}
-
-// DecryptSecret decrypts a previously encrypted hex string
-func DecryptSecret(key string, cipherhex string) (string, error) {
-	keyHash := sha256.Sum256([]byte(key))
-	ciphertext, err := base64.StdEncoding.DecodeString(cipherhex)
-	if err != nil {
-		return "", err
-	}
-	plaintext, err := AesDecrypt(keyHash[:], ciphertext)
-	if err != nil {
-		return "", err
-	}
-	return string(plaintext), nil
-}