internal/config: Cache csrf secret

Tom Wiesing 2023-11-20 13:25:13 +01:00
parent 71ef3a290e
commit dfb97405ed
No known key found for this signature in database


@ -7,6 +7,7 @@ import (
"reflect" "reflect"
"time" "time"
"github.com/tkw1536/pkglib/lazy"
"github.com/tkw1536/pkglib/reflectx" "github.com/tkw1536/pkglib/reflectx"
"github.com/tkw1536/pkglib/yamlx" "github.com/tkw1536/pkglib/yamlx"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
@ -46,6 +47,9 @@ type Config struct {
// ConfigPath is the path this configuration was loaded from (if any) // ConfigPath is the path this configuration was loaded from (if any)
ConfigPath string `yaml:"-"` ConfigPath string `yaml:"-"`
// csrfSecret holds the cached csrf secret
csrfSecret lazy.Lazy[[]byte]
} }
func zeroSensitive(v reflect.Value) { func zeroSensitive(v reflect.Value) {
@ -113,15 +117,17 @@ func Marshal(config *Config, previous []byte) ([]byte, error) {
// CSRFSecret return the csrfSecret derived from the session secret // CSRFSecret return the csrfSecret derived from the session secret
func (config *Config) CSRFSecret() []byte { func (config *Config) CSRFSecret() []byte {
// take the hash of the secret return config.csrfSecret.Get(func() []byte {
h := fnv.New32a() // take the hash of the secret
h.Write([]byte(config.SessionSecret)) h := fnv.New32a()
h.Write([]byte(config.SessionSecret))
// seed a random number generator // seed a random number generator
rand := rand.New(rand.NewSource(int64(h.Sum32()))) rand := rand.New(rand.NewSource(int64(h.Sum32())))
// take a bunch of bytes from it // take a bunch of bytes from it
secret := make([]byte, 32) secret := make([]byte, 32)
rand.Read(secret) rand.Read(secret)
return secret return secret
})
} }
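Review bot: The value cached in the `CSRFSecret` closure is still derived by seeding `math/rand` with a 32-bit FNV-1a hash of `SessionSecret`, so the 32-byte result can take at most 2^32 distinct values and comes from a non-cryptographic generator, however long the session secret is. Caching makes that value longer-lived but does not strengthen it. A keyed derivation stays deterministic and 32 bytes long, for example `mac := hmac.New(sha256.New, []byte(config.SessionSecret))`, `mac.Write([]byte("csrf"))`, `return mac.Sum(nil)` inside the closure; this needs `crypto/hmac` and `crypto/sha256` in the import block and would change the derived secret, so tokens issued under the old one stop validating. The cache also adds two behaviours worth a doc comment on `CSRFSecret`: the secret is computed from whatever `SessionSecret` holds on the first call and is not refreshed if the field changes later, and every caller now receives the same backing slice, so returning a copy would be safer than handing out the cached one.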