mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-22 18:52:41 +01:00
review fixes
This commit is contained in:
parent
2451737f87
commit
11076be0ee
@ -731,6 +731,11 @@ func LoadConfig(filename string) (config *Config, err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
config.Server.Cloaks.Initialize()
|
config.Server.Cloaks.Initialize()
|
||||||
|
if config.Server.Cloaks.Enabled {
|
||||||
|
if config.Server.Cloaks.Secret == "" || config.Server.Cloaks.Secret == "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4" {
|
||||||
|
return nil, fmt.Errorf("You must generate a new value of ip-cloaking.secret to enable cloaking")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for _, listenAddress := range config.Server.TorListeners.Listeners {
|
for _, listenAddress := range config.Server.TorListeners.Listeners {
|
||||||
found := false
|
found := false
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"encoding/base32"
|
"encoding/base32"
|
||||||
|
"encoding/base64"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -37,3 +38,10 @@ func SecretTokensMatch(storedToken string, suppliedToken string) bool {
|
|||||||
|
|
||||||
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
|
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generate a 256-bit secret key that can be written into a config file
|
||||||
|
func GenerateSecretKey() string {
|
||||||
|
var buf [32]byte
|
||||||
|
rand.Read(buf[:])
|
||||||
|
return base64.RawURLEncoding.EncodeToString(buf[:])
|
||||||
|
}
|
||||||
|
@ -17,6 +17,7 @@ import (
|
|||||||
"github.com/oragono/oragono/irc"
|
"github.com/oragono/oragono/irc"
|
||||||
"github.com/oragono/oragono/irc/logger"
|
"github.com/oragono/oragono/irc/logger"
|
||||||
"github.com/oragono/oragono/irc/mkcerts"
|
"github.com/oragono/oragono/irc/mkcerts"
|
||||||
|
"github.com/oragono/oragono/irc/utils"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
"golang.org/x/crypto/ssh/terminal"
|
"golang.org/x/crypto/ssh/terminal"
|
||||||
)
|
)
|
||||||
@ -46,6 +47,7 @@ Usage:
|
|||||||
oragono upgradedb [--conf <filename>] [--quiet]
|
oragono upgradedb [--conf <filename>] [--quiet]
|
||||||
oragono genpasswd [--conf <filename>] [--quiet]
|
oragono genpasswd [--conf <filename>] [--quiet]
|
||||||
oragono mkcerts [--conf <filename>] [--quiet]
|
oragono mkcerts [--conf <filename>] [--quiet]
|
||||||
|
oragono mksecret [--conf <filename>] [--quiet]
|
||||||
oragono run [--conf <filename>] [--quiet]
|
oragono run [--conf <filename>] [--quiet]
|
||||||
oragono -h | --help
|
oragono -h | --help
|
||||||
oragono --version
|
oragono --version
|
||||||
@ -128,6 +130,8 @@ Options:
|
|||||||
log.Fatal(" Could not create certificate:", err.Error())
|
log.Fatal(" Could not create certificate:", err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else if arguments["mksecret"].(bool) {
|
||||||
|
fmt.Println(utils.GenerateSecretKey())
|
||||||
} else if arguments["run"].(bool) {
|
} else if arguments["run"].(bool) {
|
||||||
if !arguments["--quiet"].(bool) {
|
if !arguments["--quiet"].(bool) {
|
||||||
logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer))
|
logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer))
|
||||||
|
@ -204,8 +204,7 @@ server:
|
|||||||
# secret key to prevent dictionary attacks against cloaked IPs
|
# secret key to prevent dictionary attacks against cloaked IPs
|
||||||
# any high-entropy secret is valid for this purpose:
|
# any high-entropy secret is valid for this purpose:
|
||||||
# you MUST generate a new one for your installation.
|
# you MUST generate a new one for your installation.
|
||||||
# suggestion: use the output of this command:
|
# suggestion: use the output of `oragono mksecret`
|
||||||
# python3 -c "import secrets; print(secrets.token_urlsafe())"
|
|
||||||
# note that rotating this key will invalidate all existing ban masks.
|
# note that rotating this key will invalidate all existing ban masks.
|
||||||
secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"
|
secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user