package main
import (
"barista.run/oauth"
"crypto/rand"
"encoding/base64"
"fmt"
"github.com/zalando/go-keyring"
"os"
"os/user"
)
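// setupOauthEncryption installs the key that the oauth package uses to encrypt
// stored tokens. It reuses the key saved in the OS keyring when one is present
// and usable; otherwise it generates a fresh random key, saves it to the
// keyring, and installs that.
//
// The keyring entry is addressed by a fixed service name plus the current
// user's name. If the user lookup fails, "user-<uid>" is used as the account
// name instead.
//
// It returns an error when a new key cannot be generated or cannot be saved.
// The key material itself is never logged or included in an error.
func setupOauthEncryption() error {
	const (
		service = "reya.zone-barista-bar"
		keySize = 64 // bytes of random key material generated when no key exists
	)

	var username string
	if u, err := user.Current(); err == nil {
		username = u.Username
	} else {
		username = fmt.Sprintf("user-%d", os.Getuid())
	}

	// IMPORTANT: The oauth tokens used by some modules are very sensitive, so
	// we encrypt them with a random key and store that random key using
	// libsecret (gnome-keyring or equivalent). If no secret provider is
	// available, there is no way to store tokens (since the version of
	// sample-bar used for setup-oauth will have a different key from the one
	// running in i3bar). See also https://github.com/zalando/go-keyring#linux.
	var secretBytes []byte
	secret, err := keyring.Get(service, username)
	if err == nil {
		secretBytes, err = base64.RawURLEncoding.DecodeString(secret)
	}

	// An empty keyring entry decodes without error to a zero-length slice.
	// Installing that would mean "encrypting" tokens with an empty key, so it
	// is treated the same as a missing or undecodable entry.
	if err == nil && len(secretBytes) > 0 {
		oauth.SetEncryptionKey(secretBytes)
		return nil
	}

	// NOTE(review): every keyring.Get failure reaches this point, not only
	// "entry not found". If the lookup failed for another reason and the Set
	// below succeeds, the previous key is overwritten and tokens encrypted
	// with it can no longer be decrypted. Consider regenerating only when the
	// lookup reports keyring.ErrNotFound.
	secretBytes = make([]byte, keySize)
	if _, err := rand.Read(secretBytes); err != nil {
		return fmt.Errorf("generating oauth encryption key: %w", err)
	}

	secret = base64.RawURLEncoding.EncodeToString(secretBytes)
	if err := keyring.Set(service, username, secret); err != nil {
		return fmt.Errorf("storing oauth encryption key in keyring: %w", err)
	}

	oauth.SetEncryptionKey(secretBytes)
	return nil
}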