review fixes

Shivaram Lingamneni 2019-05-12 16:26:23 -04:00
parent 2451737f87
commit 11076be0ee
4 changed files with 18 additions and 2 deletions


@ -731,6 +731,11 @@ func LoadConfig(filename string) (config *Config, err error) {
} }
config.Server.Cloaks.Initialize() config.Server.Cloaks.Initialize()
if config.Server.Cloaks.Enabled {
if config.Server.Cloaks.Secret == "" || config.Server.Cloaks.Secret == "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4" {
return nil, fmt.Errorf("You must generate a new value of ip-cloaking.secret to enable cloaking")
}
}
for _, listenAddress := range config.Server.TorListeners.Listeners { for _, listenAddress := range config.Server.TorListeners.Listeners {
found := false found := false
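Review bot: The guard added in LoadConfig rejects only an empty secret and the one sample value, so a short or guessable string still enables cloaking, even though the config comment says the secret exists to prevent dictionary attacks against cloaked IPs. Consider a length floor next to it, for example `if len(config.Server.Cloaks.Secret) < 32 { return nil, fmt.Errorf("ip-cloaking.secret is too short; generate one with oragono mksecret") }`; the threshold is a suggestion, and GenerateSecretKey output is 43 characters. The sample literal is repeated here and in the default YAML, so a named constant with a comment pointing at the config file would make that coupling visible. Go convention is also a lowercase error string (`"you must generate..."`). LoadConfig's body starts and ends outside the hunk.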


@ -7,6 +7,7 @@ import (
"crypto/rand" "crypto/rand"
"crypto/subtle" "crypto/subtle"
"encoding/base32" "encoding/base32"
"encoding/base64"
) )
var ( var (
@ -37,3 +38,10 @@ func SecretTokensMatch(storedToken string, suppliedToken string) bool {
return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1 return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1
} }
// generate a 256-bit secret key that can be written into a config file
func GenerateSecretKey() string {
var buf [32]byte
rand.Read(buf[:])
return base64.RawURLEncoding.EncodeToString(buf[:])
}
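Review bot: `rand.Read(buf[:])` in GenerateSecretKey discards its error, so if the system random source fails the function returns the base64 encoding of 32 zero bytes, a predictable key that looks valid to the operator pasting it into the config. Because the signature returns only a string, fail loudly instead: `if _, err := rand.Read(buf[:]); err != nil { panic(err) }`. The comment would also read better in godoc form, e.g. `// GenerateSecretKey returns a random 256-bit key, base64url-encoded without padding, for use in a config file.`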


@ -17,6 +17,7 @@ import (
"github.com/oragono/oragono/irc" "github.com/oragono/oragono/irc"
"github.com/oragono/oragono/irc/logger" "github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/mkcerts" "github.com/oragono/oragono/irc/mkcerts"
"github.com/oragono/oragono/irc/utils"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"golang.org/x/crypto/ssh/terminal" "golang.org/x/crypto/ssh/terminal"
) )
@ -46,6 +47,7 @@ Usage:
oragono upgradedb [--conf <filename>] [--quiet] oragono upgradedb [--conf <filename>] [--quiet]
oragono genpasswd [--conf <filename>] [--quiet] oragono genpasswd [--conf <filename>] [--quiet]
oragono mkcerts [--conf <filename>] [--quiet] oragono mkcerts [--conf <filename>] [--quiet]
oragono mksecret [--conf <filename>] [--quiet]
oragono run [--conf <filename>] [--quiet] oragono run [--conf <filename>] [--quiet]
oragono -h | --help oragono -h | --help
oragono --version oragono --version
@ -128,6 +130,8 @@ Options:
log.Fatal(" Could not create certificate:", err.Error()) log.Fatal(" Could not create certificate:", err.Error())
} }
} }
} else if arguments["mksecret"].(bool) {
fmt.Println(utils.GenerateSecretKey())
} else if arguments["run"].(bool) { } else if arguments["run"].(bool) {
if !arguments["--quiet"].(bool) { if !arguments["--quiet"].(bool) {
logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer)) logman.Info("server", fmt.Sprintf("Oragono v%s starting", irc.SemVer))
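Review bot: The `mksecret` branch sits in the same else-if chain as `mkcerts` and `run`, so if the configuration is loaded before this chain (that code is outside the hunk), `oragono mksecret` would fail on exactly the config that this commit's LoadConfig check rejects: cloaking enabled with the sample secret still in place. The operator would then be unable to generate the replacement with the documented command. Handling `mksecret` before the config is loaded would avoid that. The branch as shown reads neither `--conf` nor `--quiet`, so the usage line could be reduced to `oragono mksecret`.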


@ -204,8 +204,7 @@ server:
# secret key to prevent dictionary attacks against cloaked IPs # secret key to prevent dictionary attacks against cloaked IPs
# any high-entropy secret is valid for this purpose: # any high-entropy secret is valid for this purpose:
# you MUST generate a new one for your installation. # you MUST generate a new one for your installation.
# suggestion: use the output of this command: # suggestion: use the output of `oragono mksecret`
# python3 -c "import secrets; print(secrets.token_urlsafe())"
# note that rotating this key will invalidate all existing ban masks. # note that rotating this key will invalidate all existing ban masks.
secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4" secret: "siaELnk6Kaeo65K3RCrwJjlWaZ-Bt3WuZ2L8MXLbNb4"