diff --git a/api/apikey/apikey.go b/api/apikey/apikey.go index 8302e6b73..41b38f17a 100644 --- a/api/apikey/apikey.go +++ b/api/apikey/apikey.go @@ -1,9 +1,6 @@ package apikey import ( - "crypto/rand" - "io" - portainer "github.com/portainer/portainer/api" ) @@ -18,13 +15,3 @@ type APIKeyService interface { DeleteAPIKey(apiKeyID portainer.APIKeyID) error InvalidateUserKeyCache(userId portainer.UserID) bool } - -// generateRandomKey generates a random key of specified length -// source: https://github.com/gorilla/securecookie/blob/master/securecookie.go#L515 -func generateRandomKey(length int) []byte { - k := make([]byte, length) - if _, err := io.ReadFull(rand.Reader, k); err != nil { - return nil - } - return k -} diff --git a/api/apikey/apikey_test.go b/api/apikey/apikey_test.go index dc154bab3..b41329f72 100644 --- a/api/apikey/apikey_test.go +++ b/api/apikey/apikey_test.go @@ -3,6 +3,7 @@ package apikey import ( "testing" + "github.com/portainer/portainer/api/internal/securecookie" "github.com/stretchr/testify/assert" ) @@ -33,7 +34,7 @@ func Test_generateRandomKey(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got := generateRandomKey(tt.wantLenth) + got := securecookie.GenerateRandomKey(tt.wantLenth) is.Equal(tt.wantLenth, len(got)) }) } @@ -41,7 +42,7 @@ func Test_generateRandomKey(t *testing.T) { t.Run("Generated keys are unique", func(t *testing.T) { keys := make(map[string]bool) for i := 0; i < 100; i++ { - key := generateRandomKey(8) + key := securecookie.GenerateRandomKey(8) _, ok := keys[string(key)] is.False(ok) keys[string(key)] = true diff --git a/api/apikey/service.go b/api/apikey/service.go index 742bc7bc1..b60efaf9c 100644 --- a/api/apikey/service.go +++ b/api/apikey/service.go @@ -8,6 +8,7 @@ import ( portainer "github.com/portainer/portainer/api" "github.com/portainer/portainer/api/dataservices" + "github.com/portainer/portainer/api/internal/securecookie" "github.com/pkg/errors" ) @@ -39,7 +40,7 @@ func (a *apiKeyService) HashRaw(rawKey string) []byte { // GenerateApiKey generates a raw API key for a user (for one-time display). // The generated API key is stored in the cache and database. func (a *apiKeyService) GenerateApiKey(user portainer.User, description string) (string, *portainer.APIKey, error) { - randKey := generateRandomKey(32) + randKey := securecookie.GenerateRandomKey(32) encodedRawAPIKey := base64.StdEncoding.EncodeToString(randKey) prefixedAPIKey := portainerAPIKeyPrefix + encodedRawAPIKey diff --git a/api/go.mod b/api/go.mod index b0cb53852..e6390e92e 100644 --- a/api/go.mod +++ b/api/go.mod @@ -27,7 +27,6 @@ require ( github.com/google/go-cmp v0.5.9 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 - github.com/gorilla/securecookie v1.1.1 github.com/gorilla/websocket v1.5.0 github.com/hashicorp/golang-lru v0.5.4 github.com/joho/godotenv v1.4.0 diff --git a/api/go.sum b/api/go.sum index c41426a5e..c284b933a 100644 --- a/api/go.sum +++ b/api/go.sum @@ -203,8 +203,6 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= -github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= diff --git a/api/internal/securecookie/securecookie.go b/api/internal/securecookie/securecookie.go new file mode 100644 index 000000000..263171504 --- /dev/null +++ b/api/internal/securecookie/securecookie.go @@ -0,0 +1,16 @@ +package securecookie + +import ( + "crypto/rand" + "io" +) + +// GenerateRandomKey generates a random key of specified length +// source: https://github.com/gorilla/securecookie/blob/master/securecookie.go#L515 +func GenerateRandomKey(length int) []byte { + k := make([]byte, length) + if _, err := io.ReadFull(rand.Reader, k); err != nil { + return nil + } + return k +} diff --git a/api/jwt/jwt.go b/api/jwt/jwt.go index d0e804378..4ae0f1820 100644 --- a/api/jwt/jwt.go +++ b/api/jwt/jwt.go @@ -9,7 +9,7 @@ import ( "github.com/portainer/portainer/api/dataservices" "github.com/golang-jwt/jwt/v4" - "github.com/gorilla/securecookie" + "github.com/portainer/portainer/api/internal/securecookie" "github.com/rs/zerolog/log" )