
Move key generation to app from keys.sh

This eliminates an external dependency needed for install, and ensures
the app can run on Windows.
thebaer committed Nov 11, 2018
1 parent 96c1974 commit 7bc873580c1447e8a5a7e29d252e617727533268
Showing with 65 additions and 33 deletions.
  1. +2 −2 Makefile
  2. +3 −5 README.md
  3. +18 −0 app.go
  4. +41 −0 keys.go
  5. +0 −25 keys.sh
  6. +1 −1 keys/README.md
@@ -20,8 +20,8 @@ run:
deps :
$(GOGET) -v ./...

install :
./keys.sh
install : build
cmd/writefreely/$(BINARY_NAME) --gen-keys
cd less/; $(MAKE) install $(MFLAGS)

ui : force_look
@@ -52,8 +52,8 @@ mysql -u YOURUSERNAME -p writefreely < schema.sql
# 3) Configure your blog
./writefreely --config
# 4) Generate data encryption keys (especially for production)
./keys.sh
# 4) Generate data encryption keys
./writefreely --gen-keys
# 5) Run
./writefreely
@@ -79,9 +79,7 @@ Ready to hack on your site? Here's a quick overview.
go get github.com/writeas/writefreely/cmd/writefreely
```

Create your database, import the schema, and configure your site [as shown above](#quick-start).

Now generate the CSS:
Create your database, import the schema, and configure your site [as shown above](#quick-start). Then generate the remaining files you'll need:

```bash
make install # Generates encryption keys; installs LESS compiler
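--- a/app.go
+++ b/app.go
@@ -124,6 +124,7 @@ func Serve() {
 debugPtr := flag.Bool("debug", false, "Enables debug logging.")
 createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")
 doConfig := flag.Bool("config", false, "Run the configuration process")
+genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")
 flag.Parse()
 
 debugging = *debugPtr
@@ -167,6 +168,23 @@ func Serve() {
 log.Info("Done!")
 }
 os.Exit(0)
+} else if *genKeys {
+errStatus := 0
+
+err := generateKey(emailKeyPath)
+if err != nil {
+errStatus = 1
+}
+err = generateKey(cookieAuthKeyPath)
+if err != nil {
+errStatus = 1
+}
+err = generateKey(cookieKeyPath)
+if err != nil {
+errStatus = 1
+}
+
+os.Exit(errStatus)
 }
 
 log.Info("Initializing...")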
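Review bot: The `--gen-keys` branch repeats the same call-and-check stanza once per key path, so a key added later is easy to miss in one of the copies. A loop keeps the list of paths in one place: `for _, p := range []string{emailKeyPath, cookieAuthKeyPath, cookieKeyPath} {` with `if err := generateKey(p); err != nil { errStatus = 1 }` as its body. A short comment above `os.Exit(errStatus)` would also help, something like `// Non-zero if any key failed; keys that already exist are skipped and count as success.`, since install scripts will depend on that status. Serve's body starts and ends outside this hunk.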
41 keys.go
@@ -1,12 +1,17 @@
package writefreely

import (
"crypto/rand"
"github.com/writeas/web-core/log"
"io/ioutil"
"os"
"path/filepath"
)

const (
keysDir = "keys"

encKeysBytes = 32
)

var (
@@ -40,3 +45,39 @@ func initKeys(app *app) error {

return nil
}

// generateKey generates a key at the given path used for the encryption of
// certain user data. Because user data becomes unrecoverable without these
// keys, this won't overwrite any existing key, and instead outputs a message.
func generateKey(path string) error {
// Check if key file exists
if _, err := os.Stat(path); !os.IsNotExist(err) {
log.Info("%s already exists. rm the file if you understand the consquences.", path)
return nil
}

log.Info("Generating %s.", path)
b, err := generateBytes(encKeysBytes)
if err != nil {
log.Error("FAILED. %s. Run writefreely --gen-keys again.", err)
return err
}
err = ioutil.WriteFile(path, b, 0600)
if err != nil {
log.Error("FAILED writing file: %s", err)
return err
}
log.Info("Success.")
return nil
}

// generateBytes returns securely generated random bytes.
func generateBytes(n int) ([]byte, error) {
b := make([]byte, n)
_, err := rand.Read(b)
if err != nil {
return nil, err
}

return b, nil
}
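Review bot: The no-overwrite guarantee promised in generateKey's doc comment rests on an `os.Stat` check followed by `ioutil.WriteFile`, and that pair is not atomic: a file created between the two calls is truncated, because WriteFile opens with create-and-truncate semantics. The condition `!os.IsNotExist(err)` also treats every other Stat failure (a permission error on the keys directory, for instance) as "already exists" and returns nil, so `--gen-keys` can exit 0 without a key having been written. Creating the file with `O_CREATE|O_EXCL` and mode 0600 folds the existence check into the create, and generating the bytes first avoids leaving an empty key file behind if the random source fails. The log string also misspells "consequences". generateBytes is fine as written.

```go
func generateKey(path string) error {
	// … unchanged: "Generating" log line, generateBytes call and its error handling, now done before the file is touched …

	// O_EXCL makes "create only if absent" one atomic step, so an existing
	// key can never be truncated, even if it appears after an earlier check.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if os.IsExist(err) {
		log.Info("%s already exists. rm the file if you understand the consequences.", path)
		return nil
	}
	if err != nil {
		log.Error("FAILED creating file: %s", err)
		return err
	}
	if _, err = f.Write(b); err != nil {
		f.Close()
		log.Error("FAILED writing file: %s", err)
		return err
	}
	if err = f.Close(); err != nil {
		log.Error("FAILED writing file: %s", err)
		return err
	}
	// … unchanged: success log and return nil …
```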
25 keys.sh

This file was deleted.

@@ -1,4 +1,4 @@
Keys
====

Contains keys for encrypting database and session data. Generate necessary keys by running (from the root of the project) `./keys.sh`.
Contains keys for encrypting database and session data. Generate necessary keys by running (from the root of the project) `writefreely --gen-keys`.
