Create deploy token on site creation

2026-04-03 10:21:29 +02:00
parent 78b84a33b8
commit 1aba69cfb5
6 changed files with 94 additions and 5 deletions
@@ -0,0 +1,40 @@
+package security
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/hex"
+	"fmt"
+)
+
+func generateToken() (rawToken string, err error) {
+	bytes := make([]byte, 32)
+	if _, err = rand.Read(bytes); err != nil {
+		return "", err
+	}
+	return "quay_" + hex.EncodeToString(bytes), nil
+}
+
+func hashToken(rawToken string) string {
+	sum := sha256.Sum256([]byte(rawToken))
+	return hex.EncodeToString(sum[:])
+}
+
+func CreateDeployToken() (rawToken, hashedToken string, err error) {
+	rawToken, err = generateToken()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to generate token: %w", err)
+	}
+	hashedToken = hashToken(rawToken)
+	return rawToken, hashedToken, nil
+}
+
+func CompareDeployTokens(incomingRawToken, storedHashedToken string) bool {
+	incomingHash := hashToken(incomingRawToken)
+
+	return subtle.ConstantTimeCompare(
+		[]byte(incomingHash),
+		[]byte(storedHashedToken),
+	) == 1
+}