package main import ( "barista.run/oauth" "crypto/rand" "encoding/base64" "fmt" "github.com/zalando/go-keyring" "os" "os/user" ) func setupOauthEncryption() error { const service = "reya.zone-barista-bar" var username string if u, err := user.Current(); err == nil { username = u.Username } else { username = fmt.Sprintf("user-%d", os.Getuid()) } var secretBytes []byte // IMPORTANT: The oauth tokens used by some modules are very sensitive, so // we encrypt them with a random key and store that random key using // libsecret (gnome-keyring or equivalent). If no secret provider is // available, there is no way to store tokens (since the version of // sample-bar used for setup-oauth will have a different key from the one // running in i3bar). See also https://github.com/zalando/go-keyring#linux. secret, err := keyring.Get(service, username) if err == nil { secretBytes, err = base64.RawURLEncoding.DecodeString(secret) } if err != nil { secretBytes = make([]byte, 64) _, err := rand.Read(secretBytes) if err != nil { return err } secret = base64.RawURLEncoding.EncodeToString(secretBytes) err = keyring.Set(service, username, secret) if err != nil { return err } } oauth.SetEncryptionKey(secretBytes) return nil }