githaven-fork/models/migrations/v71.go
silverwind 1e6fa57acb
Use single shared random string generation function (#15741)
* Use single shared random string generation function

- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibilty

Fixes: #15536

* use const string method

* Update modules/avatar/avatar.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
2021-05-10 07:45:17 +01:00

88 lines
2.1 KiB
Go

// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package migrations
import (
"crypto/sha256"
"fmt"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/util"
"golang.org/x/crypto/pbkdf2"
"xorm.io/xorm"
)
func addScratchHash(x *xorm.Engine) error {
// TwoFactor see models/twofactor.go
type TwoFactor struct {
ID int64 `xorm:"pk autoincr"`
UID int64 `xorm:"UNIQUE"`
Secret string
ScratchToken string
ScratchSalt string
ScratchHash string
LastUsedPasscode string `xorm:"VARCHAR(10)"`
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
if err := x.Sync2(new(TwoFactor)); err != nil {
return fmt.Errorf("Sync2: %v", err)
}
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return err
}
// transform all tokens to hashes
const batchSize = 100
for start := 0; ; start += batchSize {
tfas := make([]*TwoFactor, 0, batchSize)
if err := sess.Limit(batchSize, start).Find(&tfas); err != nil {
return err
}
if len(tfas) == 0 {
break
}
for _, tfa := range tfas {
// generate salt
salt, err := util.RandomString(10)
if err != nil {
return err
}
tfa.ScratchSalt = salt
tfa.ScratchHash = hashToken(tfa.ScratchToken, salt)
if _, err := sess.ID(tfa.ID).Cols("scratch_salt, scratch_hash").Update(tfa); err != nil {
return fmt.Errorf("couldn't add in scratch_hash and scratch_salt: %v", err)
}
}
}
// Commit and begin new transaction for dropping columns
if err := sess.Commit(); err != nil {
return err
}
if err := sess.Begin(); err != nil {
return err
}
if err := dropTableColumns(sess, "two_factor", "scratch_token"); err != nil {
return err
}
return sess.Commit()
}
func hashToken(token, salt string) string {
tempHash := pbkdf2.Key([]byte(token), []byte(salt), 10000, 50, sha256.New)
return fmt.Sprintf("%x", tempHash)
}