internal/config: refactor option parsing

- authorize: build whitelist from policy's URLs instead of strings. - internal/httputil: merged httputil and https package. - internal/config: merged config and policy packages. - internal/metrics: removed unused measure struct. - proxy/clients: refactor Addr fields to be urls. - proxy: remove unused extend deadline function. - proxy: use handler middleware for reverse proxy leg. - proxy: change the way websocket requests are made (route based). General improvements - omitted value from range in several cases where for loop could be simplified. - added error checking to many tests. - standardize url parsing. - remove unnecessary return statements. - proxy: add self-signed certificate support. #179 - proxy: add skip tls certificate verification. #179 - proxy: Refactor websocket support to be route based. #204
2025-08-04 09:19:39 +02:00 · 2019-07-04 10:12:25 -07:00 · 2019-07-04 10:12:25 -07:00 · 7558d5b0de
commit 7558d5b0de
parent 28efa3359b
38 changed files with 1354 additions and 1079 deletions
--- a/internal/cryptutil/encrypt.go
+++ b/internal/cryptutil/encrypt.go
@ -13,14 +13,32 @@ import (
 	"golang.org/x/crypto/chacha20poly1305"
 )

+const DefaultKeySize = 32
+
 // GenerateKey generates a random 32-byte key.
+//
 // Panics if source of randomness fails.
 func GenerateKey() []byte {
-	key := make([]byte, 32)
-	if _, err := rand.Read(key); err != nil {
+	return randomBytes(DefaultKeySize)
+}
+
+// GenerateRandomString returns base64 encoded securely generated random string
+// of a given set of bytes.
+//
+// Panics if source of randomness fails.
+func GenerateRandomString(c int) string {
+	return base64.StdEncoding.EncodeToString(randomBytes(c))
+}
+
+func randomBytes(c int) []byte {
+	if c < 0 {
+		c = DefaultKeySize
+	}
+	b := make([]byte, c)
+	if _, err := rand.Read(b); err != nil {
 		panic(err)
 	}
-	return key
+	return b
 }

 // Cipher provides methods to encrypt and decrypt values.
--- a/internal/cryptutil/encrypt_test.go
+++ b/internal/cryptutil/encrypt_test.go
@ -1,8 +1,9 @@
-package cryptutil // import "github.com/pomerium/pomerium/internal/cryptutil"
+package cryptutil

 import (
 	"crypto/rand"
 	"crypto/sha1"
+	"encoding/base64"
 	"fmt"
 	"reflect"
 	"sync"
@ -162,3 +163,29 @@ func TestCipherDataRace(t *testing.T) {
 	}
 	wg.Wait()
 }
+
+func TestGenerateRandomString(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		c    int
+		want int
+	}{
+		{"simple", 32, 32},
+		{"zero", 0, 0},
+		{"negative", -1, 32},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			o := GenerateRandomString(tt.c)
+			b, err := base64.StdEncoding.DecodeString(o)
+			if err != nil {
+				t.Error(err)
+			}
+			got := len(b)
+			if got != tt.want {
+				t.Errorf("GenerateRandomString() = %d, want %d", got, tt.want)
+			}
+		})
+	}
+}