3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 10:42:52 +01:00

review fixes

This commit is contained in:
Shivaram Lingamneni 2019-05-12 16:26:23 -04:00
parent 2451737f87
commit 11076be0ee
4 changed files with 18 additions and 2 deletions

View File

@ -731,6 +731,11 @@ func LoadConfig(filename string) (config *Config, err error) {
}
config.Server.Cloaks.Initialize()
if config.Server.Cloaks.Enabled {
if config.Server.Cloaks.Secret == "" || config.Server.Cloaks.Secret == "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4" {
return nil, fmt.Errorf("You must generate a new value of ip-cloaking.secret to enable cloaking")
}
}
for _, listenAddress := range config.Server.TorListeners.Listeners {
found := false

View File

@ -7,6 +7,7 @@ import (
"crypto/rand"
"crypto/subtle"
"encoding/base32"
"encoding/base64"
)
var (
@ -37,3 +38,10 @@ func SecretTokensMatch(storedToken string, suppliedToken string) bool {
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
}
// generate a 256-bit secret key that can be written into a config file
func GenerateSecretKey() string {
var buf [32]byte
rand.Read(buf[:])
return base64.RawURLEncoding.EncodeToString(buf[:])
}

View File

@ -17,6 +17,7 @@ import (
"github.com/oragono/oragono/irc"
"github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/mkcerts"
"github.com/oragono/oragono/irc/utils"
"golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/ssh/terminal"
)
@ -46,6 +47,7 @@ Usage:
oragono upgradedb [--conf <filename>] [--quiet]
oragono genpasswd [--conf <filename>] [--quiet]
oragono mkcerts [--conf <filename>] [--quiet]
oragono mksecret [--conf <filename>] [--quiet]
oragono run [--conf <filename>] [--quiet]
oragono -h | --help
oragono --version
@ -128,6 +130,8 @@ Options:
log.Fatal(" Could not create certificate:", err.Error())
}
}
} else if arguments["mksecret"].(bool) {
fmt.Println(utils.GenerateSecretKey())
} else if arguments["run"].(bool) {
if !arguments["--quiet"].(bool) {
logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer))

View File

@ -204,8 +204,7 @@ server:
# secret key to prevent dictionary attacks against cloaked IPs
# any high-entropy secret is valid for this purpose:
# you MUST generate a new one for your installation.
# suggestion: use the output of this command:
# python3 -c "import secrets; print(secrets.token_urlsafe())"
# suggestion: use the output of `oragono mksecret`
# note that rotating this key will invalidate all existing ban masks.
secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"