Rework security module, replace JWT library, invalidate JWT tokens signed for Chrly v4, generate RSA key in runtime when not provided via configuration

2025-05-31 14:11:51 +05:30 · 2024-02-01 12:11:39 +01:00
parent 11340289ad
commit 10c11bc060
15 changed files with 246 additions and 321 deletions
--- a/internal/security/signer.go
+++ b/internal/security/signer.go
@@ -0,0 +1,40 @@
+package security
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"encoding/base64"
+)
+
+var randomReader = rand.Reader
+
+func NewSigner(key *rsa.PrivateKey) *Signer {
+	return &Signer{Key: key}
+}
+
+type Signer struct {
+	Key *rsa.PrivateKey
+}
+
+func (s *Signer) SignTextures(textures string) (string, error) {
+	message := []byte(textures)
+	messageHash := sha1.New()
+	_, err := messageHash.Write(message)
+	if err != nil {
+		return "", err
+	}
+
+	messageHashSum := messageHash.Sum(nil)
+	signature, err := rsa.SignPKCS1v15(randomReader, s.Key, crypto.SHA1, messageHashSum)
+	if err != nil {
+		return "", err
+	}
+
+	return base64.StdEncoding.EncodeToString(signature), nil
+}
+
+func (s *Signer) GetPublicKey() (*rsa.PublicKey, error) {
+	return &s.Key.PublicKey, nil
+}