mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-22 10:42:52 +01:00
review fixes
This commit is contained in:
parent
2451737f87
commit
11076be0ee
@ -731,6 +731,11 @@ func LoadConfig(filename string) (config *Config, err error) {
|
||||
}
|
||||
|
||||
config.Server.Cloaks.Initialize()
|
||||
if config.Server.Cloaks.Enabled {
|
||||
if config.Server.Cloaks.Secret == "" || config.Server.Cloaks.Secret == "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4" {
|
||||
return nil, fmt.Errorf("You must generate a new value of ip-cloaking.secret to enable cloaking")
|
||||
}
|
||||
}
|
||||
|
||||
for _, listenAddress := range config.Server.TorListeners.Listeners {
|
||||
found := false
|
||||
|
@ -7,6 +7,7 @@ import (
|
||||
"crypto/rand"
|
||||
"crypto/subtle"
|
||||
"encoding/base32"
|
||||
"encoding/base64"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -37,3 +38,10 @@ func SecretTokensMatch(storedToken string, suppliedToken string) bool {
|
||||
|
||||
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
|
||||
}
|
||||
|
||||
// generate a 256-bit secret key that can be written into a config file
|
||||
func GenerateSecretKey() string {
|
||||
var buf [32]byte
|
||||
rand.Read(buf[:])
|
||||
return base64.RawURLEncoding.EncodeToString(buf[:])
|
||||
}
|
||||
|
@ -17,6 +17,7 @@ import (
|
||||
"github.com/oragono/oragono/irc"
|
||||
"github.com/oragono/oragono/irc/logger"
|
||||
"github.com/oragono/oragono/irc/mkcerts"
|
||||
"github.com/oragono/oragono/irc/utils"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
)
|
||||
@ -46,6 +47,7 @@ Usage:
|
||||
oragono upgradedb [--conf <filename>] [--quiet]
|
||||
oragono genpasswd [--conf <filename>] [--quiet]
|
||||
oragono mkcerts [--conf <filename>] [--quiet]
|
||||
oragono mksecret [--conf <filename>] [--quiet]
|
||||
oragono run [--conf <filename>] [--quiet]
|
||||
oragono -h | --help
|
||||
oragono --version
|
||||
@ -128,6 +130,8 @@ Options:
|
||||
log.Fatal(" Could not create certificate:", err.Error())
|
||||
}
|
||||
}
|
||||
} else if arguments["mksecret"].(bool) {
|
||||
fmt.Println(utils.GenerateSecretKey())
|
||||
} else if arguments["run"].(bool) {
|
||||
if !arguments["--quiet"].(bool) {
|
||||
logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer))
|
||||
|
@ -204,8 +204,7 @@ server:
|
||||
# secret key to prevent dictionary attacks against cloaked IPs
|
||||
# any high-entropy secret is valid for this purpose:
|
||||
# you MUST generate a new one for your installation.
|
||||
# suggestion: use the output of this command:
|
||||
# python3 -c "import secrets; print(secrets.token_urlsafe())"
|
||||
# suggestion: use the output of `oragono mksecret`
|
||||
# note that rotating this key will invalidate all existing ban masks.
|
||||
secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user