diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 3e4ec0e488..641dfc360b 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -967,12 +967,12 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
 // Master key provider configuration
- MasterKeyProvider = sec.Key("MASTER_KEY_PROVIDER").MustString("none")
+ MasterKeyProvider = sec.Key("MASTER_KEY_PROVIDER").MustString("plain")
 switch MasterKeyProvider {
 case "plain":
- if MasterKey, err = base64.StdEncoding.DecodeString(sec.Key("MASTER_KEY").MustString("")); err != nil {
- log.Fatal("error loading master key: %v", err)
- return
+ MasterKey = []byte(sec.Key("MASTER_KEY").MustString(SecretKey))
+ if len(MasterKey) > 32 {
+ MasterKey = MasterKey[:32]
 }
 case "none":
 default:
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index e5f42943ac..2a18908d84 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -46,6 +46,7 @@ import (
 "code.gitea.io/gitea/modules/timeutil"
 "code.gitea.io/gitea/modules/util"
 "code.gitea.io/gitea/services/gitdiff"
+ secret_service "code.gitea.io/gitea/services/secrets"
 "github.com/editorconfig/editorconfig-core-go/v2"
 )
@@ -478,6 +479,10 @@ func NewFuncMap() []template.FuncMap {
 "Shadow": func(s string) string {
 return "******"
 },
+ "DecryptSecret": func(s string) string {
+ v, _ := secret_service.DecryptString(s)
+ return v
+ },
 }}
 }
diff --git a/services/secrets/encryption_aes.go b/services/secrets/encryption_aes.go
index 7a3141de77..612efedb28 100644
--- a/services/secrets/encryption_aes.go
+++ b/services/secrets/encryption_aes.go
@@ -79,7 +79,7 @@ func (e *aesEncryptionProvider) DecryptString(enc string, key []byte) (string, e
 return "", err
 }
- out, err := e.Encrypt(encb, key)
+ out, err := e.Decrypt(encb, key)
 if err != nil {
 return "", err
 }
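Review bot: In modules/setting/setting.go the `plain` branch uses the raw bytes of `MASTER_KEY` (falling back to `SecretKey`) as the key and only caps the length at 32, so a shorter value is used at whatever length it has and one secret serves two purposes whenever the fallback applies. If the AES provider passes this slice straight to the cipher (not visible here), a length other than 16, 24 or 32 bytes would fail at first use rather than at startup, and a human-chosen string carries far less entropy than 32 random bytes. Deriving a fixed-size key would address both, e.g. `sum := sha256.Sum256([]byte(sec.Key("MASTER_KEY").MustString(SecretKey)))` followed by `MasterKey = sum[:]` (needs `crypto/sha256`); a KDF with a purpose label would additionally separate it from other uses of `SecretKey`. A `MASTER_KEY` that was stored base64-encoded is now read as literal text, and the default moving from `none` to `plain` enables the provider without any configuration, so both changes deserve a comment here and an upgrade note. loadFromConf's body continues outside the hunk.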
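Review bot: The new `DecryptSecret` entry in NewFuncMap (modules/templates/helper.go) discards the error from `secret_service.DecryptString`, so a wrong key or a corrupted value renders as an empty string with nothing recorded. Because this looks like the shared template function map, every template can now turn stored ciphertext into plaintext in rendered output, the opposite of the neighbouring `Shadow` helper; consider decrypting in the handler that needs the value and passing the template only what must be displayed. If the helper stays, keep the error with `v, err := secret_service.DecryptString(s)`, log it, and return `""` on failure, and add a comment naming the templates that are expected to call it. The import alias `secret_service` also goes against Go's no-underscore naming; `secrets` would do.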
diff --git a/services/secrets/encryption_aes_test.go b/services/secrets/encryption_aes_test.go
new file mode 100644
index 0000000000..4a28c21d13
--- /dev/null
+++ b/services/secrets/encryption_aes_test.go
@@ -0,0 +1,22 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package secrets
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestEncryptDecrypt(t *testing.T) {
+ provider := NewAesEncryptionProvider()
+ key := []byte("1111111111111111")
+ pri := "vvvvvvv"
+ enc, err := provider.EncryptString(pri, key)
+ assert.NoError(t, err)
+ v, err := provider.DecryptString(enc, key)
+ assert.NoError(t, err)
+ assert.EqualValues(t, pri, v)
+}
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 4d32a82b0d..1afc9905e5 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -40,6 +40,10 @@ func Init() error {
 return fmt.Errorf("invalid master key provider %v", setting.MasterKeyProvider)
 }
+ if err := masterKey.Init(); err != nil {
+ return err
+ }
+
 encProvider = NewAesEncryptionProvider()
 return nil
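Review bot: TestEncryptDecrypt in services/secrets/encryption_aes_test.go covers only a successful round trip with a 16-byte key, so it would not notice a provider that accepts the wrong key or a modified ciphertext. Add a case that calls `provider.DecryptString(enc, []byte("2222222222222222"))` and asserts that it returns an error or a value different from `pri`, plus a round trip with a 32-byte key, since that is the length the settings change in this commit truncates to. `assert.NotEqual(t, pri, enc)` would additionally confirm that EncryptString does not hand back its input unchanged.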
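Review bot: The error from `masterKey.Init()` in Init (services/secrets/secrets.go) is returned bare, so a startup failure does not say that the master key provider caused it; `return fmt.Errorf("init master key provider %q: %w", setting.MasterKeyProvider, err)` would match the `fmt.Errorf` used just above. The switch that assigns `masterKey` is outside the hunk; if any accepted provider value leaves it nil, this call could panic, so that path is worth confirming before merge. Init's body begins outside the hunk.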