mirror of https://github.com/rwf2/Rocket.git
Add support for base16-encoded (a.k.a. hex-encoded) secret keys.
This commit is contained in:
parent
96235615ce
commit
121210c55c
|
@ -34,6 +34,7 @@ state = "0.4.1"
|
|||
time = "0.1"
|
||||
memchr = "2" # TODO: Use pear instead.
|
||||
base64 = "0.10"
|
||||
base16 = "0.2"
|
||||
pear = "0.1"
|
||||
atty = "0.2"
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ use crate::config::{Table, Value, Array, Datetime};
|
|||
use crate::http::private::Key;
|
||||
|
||||
use super::custom_values::*;
|
||||
use {num_cpus, base64};
|
||||
use {num_cpus, base16, base64};
|
||||
|
||||
/// Structure for Rocket application configuration.
|
||||
///
|
||||
|
@ -298,7 +298,7 @@ impl Config {
|
|||
/// * **workers**: Integer (16-bit unsigned)
|
||||
/// * **keep_alive**: Integer
|
||||
/// * **log**: String
|
||||
/// * **secret_key**: String (256-bit base64)
|
||||
/// * **secret_key**: String (256-bit base64 or base16)
|
||||
/// * **tls**: Table (`certs` (path as String), `key` (path as String))
|
||||
pub(crate) fn set_raw(&mut self, name: &str, val: &Value) -> Result<()> {
|
||||
let (id, ok) = (|val| val, |_| Ok(()));
|
||||
|
@ -423,11 +423,11 @@ impl Config {
|
|||
}
|
||||
|
||||
/// Sets the `secret_key` in `self` to `key` which must be a 256-bit base64
|
||||
/// encoded string.
|
||||
/// or base16 encoded string.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// If `key` is not a valid 256-bit base64 encoded string, returns a
|
||||
/// If `key` is not a valid 256-bit encoded string, returns a
|
||||
/// `BadType` error.
|
||||
///
|
||||
/// # Example
|
||||
|
@ -438,20 +438,31 @@ impl Config {
|
|||
/// let mut config = Config::new(Environment::Staging);
|
||||
/// let key = "8Xui8SN4mI+7egV/9dlfYYLGQJeEx4+DwmSQLwDVXJg=";
|
||||
/// assert!(config.set_secret_key(key).is_ok());
|
||||
/// let key = "fe4c5b09a9ac372156e44ce133bc940685ef5e0394d6e9274aadacc21e4f2643";
|
||||
/// assert!(config.set_secret_key(key).is_ok());
|
||||
/// assert!(config.set_secret_key("hello? anyone there?").is_err());
|
||||
/// ```
|
||||
pub fn set_secret_key<K: Into<String>>(&mut self, key: K) -> Result<()> {
|
||||
let key = key.into();
|
||||
let error = self.bad_type("secret_key", "string",
|
||||
"a 256-bit base64 encoded string");
|
||||
"a 256-bit base16 or base64 encoded string");
|
||||
|
||||
if key.len() != 44 {
|
||||
return Err(error);
|
||||
}
|
||||
|
||||
let bytes = match base64::decode(&key) {
|
||||
Ok(bytes) => bytes,
|
||||
Err(_) => return Err(error)
|
||||
let bytes = match key.len() {
|
||||
44 => {
|
||||
match base64::decode(&key) {
|
||||
Ok(bytes) => bytes,
|
||||
Err(_) => return Err(error)
|
||||
}
|
||||
}
|
||||
64 => {
|
||||
match base16::decode(&key) {
|
||||
Ok(bytes) => bytes,
|
||||
Err(_) => return Err(error)
|
||||
}
|
||||
}
|
||||
_ => {
|
||||
return Err(error)
|
||||
}
|
||||
};
|
||||
|
||||
self.secret_key = SecretKey::Provided(Key::from_master(&bytes));
|
||||
|
|
|
@ -92,9 +92,9 @@ limits = { forms = 32768 }
|
|||
The `workers` and `secret_key` default parameters are computed by Rocket
|
||||
automatically; the values above are not valid TOML syntax. When manually
|
||||
specifying the number of workers, the value should be an integer: `workers =
|
||||
10`. When manually specifying the secret key, the value should a 256-bit base64
|
||||
encoded string. Such a string can be generated using a tool such as openssl:
|
||||
`openssl rand -base64 32`.
|
||||
10`. When manually specifying the secret key, the value should a random 256-bit
|
||||
value, encoded as a base64 or base16 string. Such a string can be generated
|
||||
using a tool like openssl: `openssl rand -base64 32`.
|
||||
|
||||
The "global" pseudo-environment can be used to set and/or override configuration
|
||||
parameters globally. A parameter defined in a `[global]` table sets, or
|
||||
|
|
Loading…
Reference in New Issue