From 34a1bb2c20745b628eb6e12ee18785a2a8668f21 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 20 Oct 2022 23:56:42 +0800
Subject: [PATCH] encrypt master key

---
 modules/setting/setting.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 641dfc360b..8634866206 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -6,6 +6,7 @@
 package setting
 
 import (
+	"crypto/sha1"
 	"encoding/base64"
 	"fmt"
 	"math"
@@ -28,6 +29,7 @@ import (
 	"code.gitea.io/gitea/modules/user"
 	"code.gitea.io/gitea/modules/util"
 
+	"golang.org/x/crypto/pbkdf2"
 	gossh "golang.org/x/crypto/ssh"
 	ini "gopkg.in/ini.v1"
 )
@@ -970,10 +972,9 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 	MasterKeyProvider = sec.Key("MASTER_KEY_PROVIDER").MustString("plain")
 	switch MasterKeyProvider {
 	case "plain":
+		tempSalt := []byte{'g', 'i', 't', 'e', 'a'}
 		MasterKey = []byte(sec.Key("MASTER_KEY").MustString(SecretKey))
-		if len(MasterKey) > 32 {
-			MasterKey = MasterKey[:32]
-		}
+		MasterKey = pbkdf2.Key(MasterKey, tempSalt, 4096, 32, sha1.New)
 	case "none":
 	default:
 		log.Fatal("invalid master key provider type: %v", MasterKeyProvider)