151e07f37e
- In Go 1.21 the crypto/sha256 [got a massive improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the SHA instructions for AMD64 CPUs, which sha256-simd already was doing. The performance is now on par and I think it's preferable to use the standard library rather than a package when possible. ``` cpu: AMD Ryzen 5 3600X 6-Core Processor │ simd.txt │ go.txt │ │ sec/op │ sec/op vs base │ Hash/8Bytes-12 63.25n ± 1% 73.38n ± 1% +16.02% (p=0.002 n=6) Hash/64Bytes-12 98.73n ± 1% 105.30n ± 1% +6.65% (p=0.002 n=6) Hash/1K-12 567.2n ± 1% 572.8n ± 1% +0.99% (p=0.002 n=6) Hash/8K-12 4.062µ ± 1% 4.062µ ± 1% ~ (p=0.396 n=6) Hash/1M-12 512.1µ ± 0% 510.6µ ± 1% ~ (p=0.485 n=6) Hash/5M-12 2.556m ± 1% 2.564m ± 0% ~ (p=0.093 n=6) Hash/10M-12 5.112m ± 0% 5.127m ± 0% ~ (p=0.093 n=6) geomean 13.82µ 14.27µ +3.28% │ simd.txt │ go.txt │ │ B/s │ B/s vs base │ Hash/8Bytes-12 120.6Mi ± 1% 104.0Mi ± 1% -13.81% (p=0.002 n=6) Hash/64Bytes-12 618.2Mi ± 1% 579.8Mi ± 1% -6.22% (p=0.002 n=6) Hash/1K-12 1.682Gi ± 1% 1.665Gi ± 1% -0.98% (p=0.002 n=6) Hash/8K-12 1.878Gi ± 1% 1.878Gi ± 1% ~ (p=0.310 n=6) Hash/1M-12 1.907Gi ± 0% 1.913Gi ± 1% ~ (p=0.485 n=6) Hash/5M-12 1.911Gi ± 1% 1.904Gi ± 0% ~ (p=0.093 n=6) Hash/10M-12 1.910Gi ± 0% 1.905Gi ± 0% ~ (p=0.093 n=6) geomean 1.066Gi 1.032Gi -3.18% ``` (cherry picked from commitabd94ff5b5
) (cherry picked from commit15e81637ab
) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit325d92917f
) Conflicts: modules/context/context_cookie.go https://codeberg.org/forgejo/forgejo/pulls/1617 (cherry picked from commit358819e895
) (cherry picked from commit362fd7aae1
) (cherry picked from commit4f64ee294e
) (cherry picked from commit4bde77f7b1
) (cherry picked from commit1311e30a81
) (cherry picked from commit57b69e334c
) (cherry picked from commit52dc892fad
) (cherry picked from commit77f54f4187
) (cherry picked from commit0d0392f3a5
) Conflicts: go.mod https://codeberg.org/forgejo/forgejo/pulls/2034 (cherry picked from commit92798364e8
) (cherry picked from commit43d2181277
) (cherry picked from commit45c88b86a3
) (cherry picked from commita1cd6f4e3a
) (cherry picked from commit01191dc2ad
)
128 lines
3.2 KiB
Go
128 lines
3.2 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package token
|
|
|
|
import (
|
|
"context"
|
|
crypto_hmac "crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/base32"
|
|
"fmt"
|
|
"time"
|
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/util"
|
|
)
|
|
|
|
// A token is a verifiable container describing an action.
|
|
//
|
|
// A token has a dynamic length depending on the contained data and has the following structure:
|
|
// | Token Version | User ID | HMAC | Payload |
|
|
//
|
|
// The payload is verifiable by the generated HMAC using the user secret. It contains:
|
|
// | Timestamp | Action/Handler Type | Action/Handler Data |
|
|
|
|
const (
|
|
tokenVersion1 byte = 1
|
|
tokenLifetimeInYears int = 1
|
|
)
|
|
|
|
type HandlerType byte
|
|
|
|
const (
|
|
UnknownHandlerType HandlerType = iota
|
|
ReplyHandlerType
|
|
UnsubscribeHandlerType
|
|
)
|
|
|
|
var encodingWithoutPadding = base32.StdEncoding.WithPadding(base32.NoPadding)
|
|
|
|
type ErrToken struct {
|
|
context string
|
|
}
|
|
|
|
func (err *ErrToken) Error() string {
|
|
return "invalid email token: " + err.context
|
|
}
|
|
|
|
func (err *ErrToken) Unwrap() error {
|
|
return util.ErrInvalidArgument
|
|
}
|
|
|
|
// CreateToken creates a token for the action/user tuple
|
|
func CreateToken(ht HandlerType, user *user_model.User, data []byte) (string, error) {
|
|
payload, err := util.PackData(
|
|
time.Now().AddDate(tokenLifetimeInYears, 0, 0).Unix(),
|
|
ht,
|
|
data,
|
|
)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
packagedData, err := util.PackData(
|
|
user.ID,
|
|
generateHmac([]byte(user.Rands), payload),
|
|
payload,
|
|
)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return encodingWithoutPadding.EncodeToString(append([]byte{tokenVersion1}, packagedData...)), nil
|
|
}
|
|
|
|
// ExtractToken extracts the action/user tuple from the token and verifies the content
|
|
func ExtractToken(ctx context.Context, token string) (HandlerType, *user_model.User, []byte, error) {
|
|
data, err := encodingWithoutPadding.DecodeString(token)
|
|
if err != nil {
|
|
return UnknownHandlerType, nil, nil, err
|
|
}
|
|
|
|
if len(data) < 1 {
|
|
return UnknownHandlerType, nil, nil, &ErrToken{"no data"}
|
|
}
|
|
|
|
if data[0] != tokenVersion1 {
|
|
return UnknownHandlerType, nil, nil, &ErrToken{fmt.Sprintf("unsupported token version: %v", data[0])}
|
|
}
|
|
|
|
var userID int64
|
|
var hmac []byte
|
|
var payload []byte
|
|
if err := util.UnpackData(data[1:], &userID, &hmac, &payload); err != nil {
|
|
return UnknownHandlerType, nil, nil, err
|
|
}
|
|
|
|
user, err := user_model.GetUserByID(ctx, userID)
|
|
if err != nil {
|
|
return UnknownHandlerType, nil, nil, err
|
|
}
|
|
|
|
if !crypto_hmac.Equal(hmac, generateHmac([]byte(user.Rands), payload)) {
|
|
return UnknownHandlerType, nil, nil, &ErrToken{"verification failed"}
|
|
}
|
|
|
|
var expiresUnix int64
|
|
var handlerType HandlerType
|
|
var innerPayload []byte
|
|
if err := util.UnpackData(payload, &expiresUnix, &handlerType, &innerPayload); err != nil {
|
|
return UnknownHandlerType, nil, nil, err
|
|
}
|
|
|
|
if time.Unix(expiresUnix, 0).Before(time.Now()) {
|
|
return UnknownHandlerType, nil, nil, &ErrToken{"token expired"}
|
|
}
|
|
|
|
return handlerType, user, innerPayload, nil
|
|
}
|
|
|
|
// generateHmac creates a trunkated HMAC for the given payload
|
|
func generateHmac(secret, payload []byte) []byte {
|
|
mac := crypto_hmac.New(sha256.New, secret)
|
|
mac.Write(payload)
|
|
hmac := mac.Sum(nil)
|
|
|
|
return hmac[:10] // RFC2104 recommends not using less then 80 bits
|
|
}
|