julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

appview: use actual secrets

anirudh.fi ea1b8530 6a3761d7

options
unified split
Changed files
+9 -3
appview
db
registration.go
+9 -3
appview/db/registration.go 
···

       
1

       
1

       
 

       
package db


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import (


     

       

       
4

       
+

       
	"crypto/rand"


     

       
4

       
5

       
 

       
	"database/sql"


     

       

       
6

       
+

       
	"encoding/hex"


     

       
5

       
7

       
 

       
	"fmt"


     

       
6

       
8

       
 

       
	"log"


     

       
7

       
9

       
 

       
	"time"


     

       
8

       

       
-

       



     

       
9

       

       
-

       
	"github.com/google/uuid"


     

       
10

       
10

       
 

       
)


     

       
11

       
11

       
 

       



     

       
12

       
12

       
 

       
type Registration struct {


     
···

       
101

       
101

       
 

       
	return &registration, nil


     

       
102

       
102

       
 

       
}


     

       
103

       
103

       
 

       



     

       

       
104

       
+

       
func genSecret() string {


     

       

       
105

       
+

       
	key := make([]byte, 32)


     

       

       
106

       
+

       
	rand.Read(key)


     

       

       
107

       
+

       
	return hex.EncodeToString(key)


     

       

       
108

       
+

       
}


     

       

       
109

       
+

       



     

       
104

       
110

       
 

       
func (d *DB) GenerateRegistrationKey(domain, did string) (string, error) {


     

       
105

       
111

       
 

       
	// sanity check: does this domain already have a registration?


     

       
106

       
112

       
 

       
	reg, err := d.RegistrationByDomain(domain)


     
···

       
120

       
126

       
 

       
		}


     

       
121

       
127

       
 

       
	}


     

       
122

       
128

       
 

       



     

       
123

       

       
-

       
	secret := uuid.New().String()


     

       

       
129

       
+

       
	secret := genSecret()


     

       
124

       
130

       
 

       



     

       
125

       
131

       
 

       
	_, err = d.db.Exec(`


     

       
126

       
132

       
 

       
		insert into registrations (domain, did, secret)