Implements generator cli for secrets

[sdwolfz]

Adds CLI subcommands for generating secrets.

This was inspired by a simmilar command available in Ruby on Rails: rails secret which generates a new value for SECRET_KEY_BASE, used to encrypt cookies.

To use this you execute the following commands:

./gitea generate secret INTERNAL_TOKEN
# eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1MTg5Njk4Njd9.X7-Qt89vFqLD1iS1UtAdGuVwvI7pz9n5EdqDuaHRNlI
./gitea generate secret LFS_JWT_SECRET
# SVxQQXbDGDqicXJoy9ygiHQKg6A79lTIuWoh_KfzPTI
./gitea generate secret SECRET_KEY
# FOQ5XMfOHo2GUc0FcnPJzf7MCvfUbqqkhkK1fJjXCx8UT1jYAxE2bIigI392j40x

I also modified the length of SECRET_KEY from 10 to 64 since it felt kind of short comapred to the rest.

The main use case for this would be an automated setup which has app.ini as a template and the values for INTERNAL_TOKEN, LFS_JWT_SECRET, and SECRET_KEY would be generated by the CLI commands, then added to the template. This would ensure no secrets would need to be hardcoded, and since they are generated by the same functions used in the /install endpoint, they will be consistent.

Here is an example of such automated setup I developed this for (just to give you an idea of how I intend this to be used):

An ansible role that generates the ini file:

- name: Generate postgres password
  shell: 'cat /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w ${1:-32} | head -n 1'
  register: new_postgres_password

- name: Generate internal token
  shell: 'docker run --rm {{ project_name }}_web /work/gitea generate secret INTERNAL_TOKEN | tail -n 1'
  register: new_internal_token

- name: Generate LFS JWT secret
  shell: 'docker run --rm {{ project_name }}_web /work/gitea generate secret LFS_JWT_SECRET | tail -n 1'
  register: new_lfs_jwt_secret

- name: Generate secret key
  shell: 'docker run --rm {{ project_name }}_web /work/gitea generate secret SECRET_KEY | tail -n 1'
  register: new_secret_key

- name: Create the app.ini file from the template
  template:
    src: '{{ project_repo }}/secrets/templates/app.ini.j2'
    dest: '{{ project_repo }}/secrets/app.ini'
  vars:
    postgres_password: '{{ new_postgres_password.stdout }}'
    internal_token: '{{ new_internal_token.stdout }}'
    lfs_jwt_secret: '{{ new_lfs_jwt_secret.stdout }}'
    secret_key: '{{ new_secret_key.stdout }}'

And the ini file template:

APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod

[security]
INTERNAL_TOKEN = {{ internal_token }}
INSTALL_LOCK   = true
SECRET_KEY     = {{ secret_key }}

[database]
DB_TYPE  = postgres
HOST     = postgres:5432
NAME     = gitea
USER     = postgres
PASSWD   = {{ postgres_password }}
SSL_MODE = disable
PATH     = /work/data/gitea.db

[repository]
ROOT          = /work/repos
FORCE_PRIVATE = true

[server]
SSH_DOMAIN       = gitea.local
DOMAIN           = gitea.local
HTTP_PORT        = 3000
ROOT_URL         = http://gitea.local:3000/
DISABLE_SSH      = false
SSH_PORT         = 22
START_SSH_SERVER = true
LFS_START_SERVER = true
LFS_CONTENT_PATH = /work/data/lfs
LFS_JWT_SECRET   = {{ lfs_jwt_secret }}
OFFLINE_MODE     = true

[mailer]
ENABLED = false

[markdown]
ENABLE_HARD_LINE_BREAK = true

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = true
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = true
DEFAULT_KEEP_EMAIL_PRIVATE        = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING       = false
NO_REPLY_ADDRESS                  = noreply.gitea.local

[picture]
DISABLE_GRAVATAR        = true
ENABLE_FEDERATED_AVATAR = false

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[session]
PROVIDER = file

[log]
MODE      = console,file
LEVEL     = Info
ROOT_PATH = /work/log

About the implementation:

• I extracted the generation logic into it's own package and reuse the same functions as part of the generate CLI subcommand and as part of the install setup.
• Existing functionality is the same, except for the length of SECRET_KEY which I feel it's better to be longer.
• This is the first (non trivial) golang code I've ever written so please let me know if I've made any mistakes.
• I am not sure how to write tests for all this yet.

[codecov-io]

Codecov Report

Merging #3531 into master will decrease coverage by 0.03%.
The diff coverage is 15.73%.

@@            Coverage Diff             @@
##           master    #3531      +/-   ##
==========================================
- Coverage   35.68%   35.65%   -0.04%     
==========================================
  Files         281      283       +2     
  Lines       40701    40744      +43     
==========================================
+ Hits        14524    14526       +2     
- Misses      24029    24070      +41     
  Partials     2148     2148

Impacted Files	Coverage Δ
modules/base/tool.go	74.18% <ø> (+0.3%)	⬆️
routers/user/auth_openid.go	0% <0%> (ø)	⬆️
routers/install.go	0% <0%> (ø)	⬆️
models/twofactor.go	5.37% <0%> (ø)	⬆️
cmd/generate.go	0% <0%> (ø)
main.go	23.33% <0%> (-0.81%)	⬇️
models/migrations/migrations.go	2.89% <0%> (ø)	⬆️
modules/setting/setting.go	47.39% <0%> (+0.96%)	⬆️
models/user.go	39.56% <100%> (ø)	⬆️
modules/generate/generate.go	25.49% <25.49%> (ø)
... and 3 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e59fe7c...0a34245. Read the comment docs.

[lunny]

The copyright head is incorrect.

[lunny]

As above.