bjoernager/forgejo
bjoernager/forgejo
1
Fork 0
Code Activity

feat: migrate TOTP secrets to keying

Browse source 
- Currently the TOTP secrets are stored using the `secrets` module with
as key the MD5 hash of the Secretkey, the `secrets` module uses general
bad practices. This patch migrates the secrets to use the `keying`
module (#5041) which is easier to use and use better practices to store
secrets in databases.
- Migration test added.
- Remove the Forgejo migration databases, and let the gitea migration
databases also run forgejo migration databases. This is required as the
Forgejo migration is now also touching tables that the forgejo migration
didn't create itself.
This commit is contained in:
Gusted 2024-11-26 02:31:26 +01:00
parent ad70e7dfb3
commit a8c61532d2
No known key found for this signature in database
GPG key ID: FD821B732837125F
18 changed files with 149 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/keying/keying.go
View file

@ -45,8 +45,12 @@ func Init(ikm []byte) {
// This must be a hardcoded string and must not be arbitrarily constructed.
type Context string
// Used for the `push_mirror` table.
var ContextPushMirror Context = "pushmirror"
var (
// Used for the `push_mirror` table.
ContextPushMirror Context = "pushmirror"
// Used for the `two_factor` table.
ContextTOTP Context = "totp"
)
// Derive *the* key for a given context, this is a determistic function. The
// same key will be provided for the same context.