Import additional secrets via file uri

techknowlogick · techknowlogick · commit 3758975b4bc6 · 2023-06-21T02:51:53.000Z
Fixes go-gitea#25034
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
@@ -53,6 +53,8 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 		return nil
 	}
 
+	LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("lfs"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
+
 	LFS.JWTSecretBytes = make([]byte, 32)
 	n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64))
 
diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go
@@ -116,6 +116,8 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 		return
 	}
 
+	OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET")
+
 	if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
 		OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
 	}

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,8 @@ func loadLFSFrom(rootCfg ConfigProvider) error {`
`53`	`53`	`return nil`
`54`	`54`	`}`
`55`	`55`
	`56`	`+ LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("lfs"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")`
	`57`	`+`
`56`	`58`	`LFS.JWTSecretBytes = make([]byte, 32)`
`57`	`59`	`n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64))`
`58`	`60`
Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,8 @@ func loadOAuth2From(rootCfg ConfigProvider) {`
`116`	`116`	`return`
`117`	`117`	`}`
`118`	`118`
	`119`	`+ OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET")`
	`120`	`+`
`119`	`121`	`if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {`
`120`	`122`	`OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)`
`121`	`123`	`}`