arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix(server): encrypt jwt secret at rest

Browse Source 
Signed-off-by: Deluan <deluan@navidrome.org>
This commit is contained in:
Deluan
2024-12-05 21:40:34 -05:00
parent 177a1f853f
commit 7f030b0859
4 changed files with 55 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
utils/encrypt.go
+10 -1
View File
@@ -6,6 +6,7 @@ import (
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"errors"
"io"
"github.com/navidrome/navidrome/log"
@@ -36,7 +37,15 @@ func Encrypt(ctx context.Context, encKey []byte, data string) (string, error) {
return base64.StdEncoding.EncodeToString(ciphertext), nil
}
func Decrypt(ctx context.Context, encKey []byte, encData string) (string, error) {
func Decrypt(ctx context.Context, encKey []byte, encData string) (value string, err error) {
// Recover from any panics
defer func() {
if r := recover(); r != nil {
log.Error(ctx, "Panic during decryption", r)
err = errors.New("decryption panicked")
}
}()
enc, _ := base64.StdEncoding.DecodeString(encData)
block, err := aes.NewCipher(encKey)