mirror of https://github.com/writeas/writefreely
A focused writing and publishing space.
https://write.with.parts
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 lines
1.7 KiB
83 lines
1.7 KiB
package writefreely
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"github.com/writeas/web-core/log"
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
)
|
|
|
|
const (
|
|
keysDir = "keys"
|
|
|
|
encKeysBytes = 32
|
|
)
|
|
|
|
var (
|
|
emailKeyPath = filepath.Join(keysDir, "email.aes256")
|
|
cookieAuthKeyPath = filepath.Join(keysDir, "cookies_auth.aes256")
|
|
cookieKeyPath = filepath.Join(keysDir, "cookies_enc.aes256")
|
|
)
|
|
|
|
type keychain struct {
|
|
emailKey, cookieAuthKey, cookieKey []byte
|
|
}
|
|
|
|
func initKeys(app *app) error {
|
|
var err error
|
|
app.keys = &keychain{}
|
|
|
|
app.keys.emailKey, err = ioutil.ReadFile(emailKeyPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
app.keys.cookieAuthKey, err = ioutil.ReadFile(cookieAuthKeyPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
app.keys.cookieKey, err = ioutil.ReadFile(cookieKeyPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// generateKey generates a key at the given path used for the encryption of
|
|
// certain user data. Because user data becomes unrecoverable without these
|
|
// keys, this won't overwrite any existing key, and instead outputs a message.
|
|
func generateKey(path string) error {
|
|
// Check if key file exists
|
|
if _, err := os.Stat(path); !os.IsNotExist(err) {
|
|
log.Info("%s already exists. rm the file if you understand the consquences.", path)
|
|
return nil
|
|
}
|
|
|
|
log.Info("Generating %s.", path)
|
|
b, err := generateBytes(encKeysBytes)
|
|
if err != nil {
|
|
log.Error("FAILED. %s. Run writefreely --gen-keys again.", err)
|
|
return err
|
|
}
|
|
err = ioutil.WriteFile(path, b, 0600)
|
|
if err != nil {
|
|
log.Error("FAILED writing file: %s", err)
|
|
return err
|
|
}
|
|
log.Info("Success.")
|
|
return nil
|
|
}
|
|
|
|
// generateBytes returns securely generated random bytes.
|
|
func generateBytes(n int) ([]byte, error) {
|
|
b := make([]byte, n)
|
|
_, err := rand.Read(b)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return b, nil
|
|
}
|
|
|