Change api_key encoding to base64 to comply with bcrypt max size (#2302)
parent
62caffb102
commit
e42841cd00
|
@ -3,7 +3,7 @@ package v1
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"encoding/hex"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -15,9 +15,11 @@ import (
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
const (
|
||||||
APIKeyHeader = "X-Api-Key"
|
APIKeyHeader = "X-Api-Key"
|
||||||
bouncerContextKey = "bouncer_info"
|
bouncerContextKey = "bouncer_info"
|
||||||
|
// max allowed by bcrypt 72 = 54 bytes in base64
|
||||||
|
dummyAPIKeySize = 54
|
||||||
)
|
)
|
||||||
|
|
||||||
type APIKey struct {
|
type APIKey struct {
|
||||||
|
@ -31,7 +33,7 @@ func GenerateAPIKey(n int) (string, error) {
|
||||||
if _, err := rand.Read(bytes); err != nil {
|
if _, err := rand.Read(bytes); err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return hex.EncodeToString(bytes), nil
|
return base64.StdEncoding.EncodeToString(bytes), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAPIKey(dbClient *database.Client) *APIKey {
|
func NewAPIKey(dbClient *database.Client) *APIKey {
|
||||||
|
@ -82,7 +84,7 @@ func (a *APIKey) MiddlewareFunc() gin.HandlerFunc {
|
||||||
if err != nil && strings.Contains(err.Error(), "bouncer not found") {
|
if err != nil && strings.Contains(err.Error(), "bouncer not found") {
|
||||||
//Because we have a valid cert, automatically create the bouncer in the database if it does not exist
|
//Because we have a valid cert, automatically create the bouncer in the database if it does not exist
|
||||||
//Set a random API key, but it will never be used
|
//Set a random API key, but it will never be used
|
||||||
apiKey, err := GenerateAPIKey(64)
|
apiKey, err := GenerateAPIKey(dummyAPIKeySize)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithFields(log.Fields{
|
log.WithFields(log.Fields{
|
||||||
"ip": c.ClientIP(),
|
"ip": c.ClientIP(),
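Review bot: The 72-byte bcrypt limit is now honoured only by convention, because `GenerateAPIKey(n)` (third hunk) still encodes whatever `n` it is given. Any caller passing more than 54 gets a string longer than 72 characters, which bcrypt implementations either reject or silently truncate. The comment on `dummyAPIKeySize` is also hard to parse; I would reword it to `// bcrypt accepts at most 72 bytes of input; 54 random bytes encode to exactly 72 base64 characters` and state the same bound in GenerateAPIKey's doc comment. The same constant is passed at the `Authenticator` call site in the JWT hunk further down, so the point applies there as well. GenerateAPIKey's body starts outside the hunk, so whether `n` is validated earlier is not visible here.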
|
||||||
|
|
|
@ -81,7 +81,7 @@ func (j *JWT) Authenticator(c *gin.Context) (interface{}, error) {
|
||||||
//Machine was not found, let's create it
|
//Machine was not found, let's create it
|
||||||
log.Printf("machine %s not found, create it", machineID)
|
log.Printf("machine %s not found, create it", machineID)
|
||||||
//let's use an apikey as the password, doesn't matter in this case (generatePassword is only available in cscli)
|
//let's use an apikey as the password, doesn't matter in this case (generatePassword is only available in cscli)
|
||||||
pwd, err := GenerateAPIKey(64)
|
pwd, err := GenerateAPIKey(dummyAPIKeySize)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithFields(log.Fields{
|
log.WithFields(log.Fields{
|
||||||
"ip": c.ClientIP(),
|
"ip": c.ClientIP(),
|
||||||
|
|