chrly/internal/di/security.go

package di

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"strings"

	"ely.by/chrly/internal/http"
	"ely.by/chrly/internal/security"

	"github.com/defval/di"
	"github.com/spf13/viper"
)

var securityDiOptions = di.Options(
	di.Provide(newTexturesSigner,
		di.As(new(http.TexturesSigner)),
	),
)

func newTexturesSigner(config *viper.Viper) (*security.Signer, error) {
	keyStr := config.GetString("chrly.signing.key")
	if keyStr == "" {
		// TODO: log a message about the generated signing key and the way to specify it permanently
		privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}

		return security.NewSigner(privateKey), nil
	}

	var keyBytes []byte
	if strings.HasPrefix(keyStr, "base64:") {
		base64Value := keyStr[7:]
		decodedKey, err := base64.URLEncoding.DecodeString(base64Value)
		if err != nil {
			return nil, err
		}

		keyBytes = decodedKey
	} else {
		keyBytes = []byte(keyStr)
	}

	rawPem, _ := pem.Decode(keyBytes)
	privateKey, err := x509.ParsePKCS1PrivateKey(rawPem.Bytes)
	if err != nil {
		return nil, err
	}

	return security.NewSigner(privateKey), nil
}
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`package di`

			`import (`
Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`"crypto/rand"`
			`"crypto/rsa"`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`"crypto/x509"`
			`"encoding/base64"`
			`"encoding/pem"`
			`"strings"`

Replace base module name from github.com/elyby/chrly to ely.by/chrly 2024-02-01 12:42:34 +05:30			`"ely.by/chrly/internal/http"`
Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`"ely.by/chrly/internal/security"`
Rework project's structure 2024-02-01 12:28:26 +05:30
Upgrade dependencies 2023-12-13 21:59:12 +05:30			`"github.com/defval/di"`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`"github.com/spf13/viper"`
			`)`

Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`var securityDiOptions = di.Options(`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`di.Provide(newTexturesSigner,`
			`di.As(new(http.TexturesSigner)),`
			`),`
			`)`

Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`func newTexturesSigner(config viper.Viper) (security.Signer, error) {`
Rename the signature key param. Rename the signature verification key endpoint. Update CHANGELOG and README files 2021-02-27 07:07:59 +05:30			`keyStr := config.GetString("chrly.signing.key")`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`if keyStr == "" {`
Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`// TODO: log a message about the generated signing key and the way to specify it permanently`
			`privateKey, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return security.NewSigner(privateKey), nil`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`}`

			`var keyBytes []byte`
			`if strings.HasPrefix(keyStr, "base64:") {`
			`base64Value := keyStr[7:]`
			`decodedKey, err := base64.URLEncoding.DecodeString(base64Value)`
			`if err != nil {`
			`return nil, err`
			`}`

			`keyBytes = decodedKey`
			`} else {`
			`keyBytes = []byte(keyStr)`
			`}`

			`rawPem, _ := pem.Decode(keyBytes)`
Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`privateKey, err := x509.ParsePKCS1PrivateKey(rawPem.Bytes)`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`if err != nil {`
			`return nil, err`
			`}`

Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration 2024-02-01 16:41:39 +05:30			`return security.NewSigner(privateKey), nil`
Implemented /profile/{username} endpoint to get complete profile with signed by the current server textures. Implemented /signing-key endpoint to get public key in der format, used to sign the textures. Improved logging of errors from http package. Changed behavior of the /cloaks endpoint 2021-02-26 07:15:45 +05:30			`}`