1
0
Fork 0
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

46 lines
1.2 KiB

package main
import (
"barista.run/oauth"
"crypto/rand"
"encoding/base64"
"fmt"
"github.com/zalando/go-keyring"
"os"
"os/user"
)
func setupOauthEncryption() error {
const service = "reya.zone-barista-bar"
var username string
if u, err := user.Current(); err == nil {
username = u.Username
} else {
username = fmt.Sprintf("user-%d", os.Getuid())
}
var secretBytes []byte
// IMPORTANT: The oauth tokens used by some modules are very sensitive, so
// we encrypt them with a random key and store that random key using
// libsecret (gnome-keyring or equivalent). If no secret provider is
// available, there is no way to store tokens (since the version of
// sample-bar used for setup-oauth will have a different key from the one
// running in i3bar). See also https://github.com/zalando/go-keyring#linux.
secret, err := keyring.Get(service, username)
if err == nil {
secretBytes, err = base64.RawURLEncoding.DecodeString(secret)
}
if err != nil {
secretBytes = make([]byte, 64)
_, err := rand.Read(secretBytes)
if err != nil {
return err
}
secret = base64.RawURLEncoding.EncodeToString(secretBytes)
err = keyring.Set(service, username, secret)
if err != nil {
return err
}
}
oauth.SetEncryptionKey(secretBytes)
return nil
}