TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 08:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use random bytes to generate access token (#21959)

Browse Source
This commit is contained in:
Jason Song
2022-11-28 23:37:42 +08:00
committed by GitHub
parent 9607750b5e
commit f047ee0a40
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
models/auth/token.go
View File

@@ -6,16 +6,15 @@ package auth
import (
"crypto/subtle"
"encoding/hex"
"fmt"
"time"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
gouuid "github.com/google/uuid"
lru "github.com/hashicorp/golang-lru"
)
@@ -100,8 +99,12 @@ func NewAccessToken(t *AccessToken) error {
if err != nil {
return err
}
token, err := util.CryptoRandomBytes(20)
if err != nil {
return err
}
t.TokenSalt = salt
t.Token = base.EncodeSha1(gouuid.New().String())
t.Token = hex.EncodeToString(token)
t.TokenHash = HashToken(t.Token, t.TokenSalt)
t.TokenLastEight = t.Token[len(t.Token)-8:]
_, err = db.GetEngine(db.DefaultContext).Insert(t)