mirror of
https://github.com/grafana/grafana.git
synced 2025-02-13 00:55:47 -06:00
6891bbf03c
* Add prefixed API key gen. * Retrieve API Key by hash * Handle prefixed API keys for login * Add placeholder key generator * fix spelling * add get by hash sqlstore test * reformat query * quote usage of reserved keyword key * use constant * improve error handling and pre-select key type Co-authored-by: Victor Cinaglia <victor@grafana.com> * nits Co-authored-by: Victor Cinaglia <victor@grafana.com>
94 lines
1.8 KiB
Go
94 lines
1.8 KiB
Go
package apikeygenprefix
|
|
|
|
import (
|
|
"encoding/hex"
|
|
"hash/crc32"
|
|
"strings"
|
|
|
|
"github.com/grafana/grafana/pkg/util"
|
|
)
|
|
|
|
const GrafanaPrefix = "gl"
|
|
|
|
type KeyGenResult struct {
|
|
HashedKey string
|
|
ClientSecret string
|
|
}
|
|
|
|
type PrefixedKey struct {
|
|
ServiceID string
|
|
Secret string
|
|
Checksum string
|
|
}
|
|
|
|
func (p *PrefixedKey) Hash() (string, error) {
|
|
hash, err := util.EncodePassword(p.Secret, p.Checksum)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return hash, nil
|
|
}
|
|
|
|
func (p *PrefixedKey) key() string {
|
|
return GrafanaPrefix + p.ServiceID + "_" + p.Secret
|
|
}
|
|
|
|
func (p *PrefixedKey) CalculateChecksum() string {
|
|
checksum := crc32.ChecksumIEEE([]byte(p.key()))
|
|
//checksum to []byte
|
|
checksumBytes := make([]byte, 4)
|
|
checksumBytes[0] = byte(checksum)
|
|
checksumBytes[1] = byte(checksum >> 8)
|
|
checksumBytes[2] = byte(checksum >> 16)
|
|
checksumBytes[3] = byte(checksum >> 24)
|
|
|
|
return hex.EncodeToString(checksumBytes)
|
|
}
|
|
|
|
func (p *PrefixedKey) String() string {
|
|
return p.key() + "_" + p.Checksum
|
|
}
|
|
|
|
func New(serviceID string) (KeyGenResult, error) {
|
|
result := KeyGenResult{}
|
|
|
|
secret, err := util.GetRandomString(32)
|
|
if err != nil {
|
|
return result, err
|
|
}
|
|
|
|
key := PrefixedKey{ServiceID: serviceID, Secret: secret, Checksum: ""}
|
|
key.Checksum = key.CalculateChecksum()
|
|
|
|
result.HashedKey, err = key.Hash()
|
|
if err != nil {
|
|
return result, err
|
|
}
|
|
|
|
result.ClientSecret = key.String()
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func Decode(keyString string) (*PrefixedKey, error) {
|
|
if !strings.HasPrefix(keyString, GrafanaPrefix) {
|
|
return nil, &ErrInvalidApiKey{}
|
|
}
|
|
|
|
parts := strings.Split(keyString, "_")
|
|
if len(parts) != 3 {
|
|
return nil, &ErrInvalidApiKey{}
|
|
}
|
|
|
|
key := &PrefixedKey{
|
|
ServiceID: strings.TrimPrefix(parts[0], GrafanaPrefix),
|
|
Secret: parts[1],
|
|
Checksum: parts[2],
|
|
}
|
|
if key.CalculateChecksum() != key.Checksum {
|
|
return nil, &ErrInvalidApiKey{}
|
|
}
|
|
|
|
return key, nil
|
|
}
|