Compare commits
5 Commits
1.0.0-5-g5
...
2023.11.21
| Author | SHA1 | Date | |
|---|---|---|---|
| 1bf8d755ed | |||
| ced46bf6eb | |||
| cf8f026574 | |||
| 891cfa7540 | |||
| d38f0be312 |
2
.env.dist
Normal file
2
.env.dist
Normal file
@ -0,0 +1,2 @@
|
||||
GPG_SIGNING_KEY=
|
||||
ARCH_TARGETS='amd64 arm arm64 386'
|
||||
5
.gitignore
vendored
5
.gitignore
vendored
@ -3,4 +3,7 @@
|
||||
/bin
|
||||
/testdata
|
||||
/release
|
||||
/out
|
||||
/out
|
||||
/.mktools
|
||||
/tools
|
||||
/.env
|
||||
13
Jenkinsfile
vendored
13
Jenkinsfile
vendored
@ -25,19 +25,6 @@ pipeline {
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Release') {
|
||||
steps {
|
||||
script {
|
||||
sh 'make tidy'
|
||||
sh 'ARCH_TARGETS="amd64 arm arm64 mipsle" make release'
|
||||
|
||||
def attachments = sh(returnStdout: true, script: 'find release -maxdepth 1 -type f').split(' ')
|
||||
gitea.release('forge-jenkins', 'Cadoles', 'go-http-peering', [
|
||||
'attachments': attachments
|
||||
])
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
|
||||
33
Makefile
33
Makefile
@ -1,3 +1,5 @@
|
||||
SHELL := /bin/bash
|
||||
|
||||
test:
|
||||
go clean -testcache
|
||||
go test -cover -v ./...
|
||||
@ -5,8 +7,11 @@ test:
|
||||
watch:
|
||||
go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest
|
||||
|
||||
release:
|
||||
script/release
|
||||
release: tidy .env
|
||||
( set -o allexport && source .env && set +o allexport && script/release )
|
||||
|
||||
.env:
|
||||
cp .env.dist .env
|
||||
|
||||
tidy:
|
||||
go mod tidy
|
||||
@ -17,4 +22,26 @@ lint:
|
||||
bin/keygen:
|
||||
CGO_ENABLED=0 go build -o bin/keygen ./cmd/keygen
|
||||
|
||||
.PHONY: test lint doc sequence-diagram bin/keygen release
|
||||
.PHONY: test lint doc sequence-diagram bin/keygen release
|
||||
|
||||
gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
|
||||
GITEA_RELEASE_PROJECT="go-http-peering" \
|
||||
GITEA_RELEASE_ORG="Cadoles" \
|
||||
GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
|
||||
GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \
|
||||
GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \
|
||||
GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
|
||||
GITEA_RELEASE_IS_DRAFT="false" \
|
||||
GITEA_RELEASE_BODY="" \
|
||||
GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
|
||||
tools/gitea-release/bin/gitea-release.sh
|
||||
|
||||
.PHONY: mktools
|
||||
mktools:
|
||||
rm -rf .mktools
|
||||
curl -k -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
|
||||
|
||||
.mktools:
|
||||
$(MAKE) mktools
|
||||
|
||||
-include .mktools/*.mk
|
||||
@ -9,6 +9,7 @@ import (
|
||||
|
||||
jwt "github.com/dgrijalva/jwt-go"
|
||||
"github.com/pkg/errors"
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
func EncodePublicKeyToPEM(key crypto.PublicKey) ([]byte, error) {
|
||||
@ -28,25 +29,23 @@ func DecodePEMToPublicKey(pem []byte) (crypto.PublicKey, error) {
|
||||
}
|
||||
|
||||
func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKey, error) {
|
||||
// Parse PEM block
|
||||
var block *pem.Block
|
||||
if block, _ = pem.Decode(key); block == nil {
|
||||
return nil, errors.New("invalid PEM block")
|
||||
}
|
||||
var (
|
||||
rawKey interface{}
|
||||
err error
|
||||
)
|
||||
|
||||
decryptedBlock, err := x509.DecryptPEMBlock(block, passphrase)
|
||||
if len(passphrase) == 0 {
|
||||
rawKey, err = ssh.ParseRawPrivateKey(key)
|
||||
} else {
|
||||
rawKey, err = ssh.ParseRawPrivateKeyWithPassphrase(key, passphrase)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
var parsedKey interface{}
|
||||
if parsedKey, err = x509.ParsePKCS1PrivateKey(decryptedBlock); err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
var privateKey *rsa.PrivateKey
|
||||
var ok bool
|
||||
if privateKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
|
||||
if privateKey, ok = rawKey.(*rsa.PrivateKey); !ok {
|
||||
return nil, errors.New("invalid RSA private key")
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,8 @@ set -eo pipefail
|
||||
OS_TARGETS=(linux)
|
||||
ARCH_TARGETS=${ARCH_TARGETS:-amd64 mipsle}
|
||||
|
||||
export GOMIPS=softfloat
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
|
||||
|
||||
function build {
|
||||
@ -35,6 +37,10 @@ function build {
|
||||
upx --best "$destdir/$name"
|
||||
fi
|
||||
|
||||
if [ ! -z "${GPG_SIGNING_KEY}" ]; then
|
||||
echo "signing '$destdir/$name' with gpg key '$GPG_SIGNING_KEY'..."
|
||||
gpg --sign --default-key "${GPG_SIGNING_KEY}" --detach-sign --output "$destdir/$name.sig" "$destdir/$name"
|
||||
fi
|
||||
}
|
||||
|
||||
function copy {
|
||||
|
||||
@ -8,14 +8,13 @@ import (
|
||||
"errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
peeringCrypto "forge.cadoles.com/Cadoles/go-http-peering/crypto"
|
||||
|
||||
peering "forge.cadoles.com/Cadoles/go-http-peering"
|
||||
jwt "github.com/dgrijalva/jwt-go"
|
||||
|
||||
"net/http"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -38,7 +37,6 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
|
||||
|
||||
middleware := func(next http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
serverToken := r.Header.Get(ServerTokenHeader)
|
||||
if serverToken == "" {
|
||||
sendError(w, http.StatusUnauthorized)
|
||||
@ -77,6 +75,7 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
|
||||
return
|
||||
}
|
||||
sendError(w, http.StatusUnauthorized)
|
||||
return
|
||||
case ErrPeerRejected:
|
||||
if err := store.UpdateLastContact(serverClaims.PeerID, r.RemoteAddr, time.Now()); err != nil {
|
||||
logger.Printf("[ERROR] %s", err)
|
||||
@ -115,7 +114,6 @@ func Authenticate(store peering.Store, key *rsa.PublicKey, funcs ...OptionFunc)
|
||||
r.Body = ioutil.NopCloser(bytes.NewBuffer(body))
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
|
||||
}
|
||||
return http.HandlerFunc(fn)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user