From a328e7ccc4f94e19cddfe5894636228663f5c7fa Mon Sep 17 00:00:00 2001
From: E99p1ant <i@github.red>
Date: Sun, 5 Jun 2022 13:34:21 +0800
Subject: access_token: encrypt access token with SHA256 (#7008)

* access_token: encrypt access token with SHA256

* revert list access token

* fix lint

* generate schemadoc

* add database migrations

* fix tests

* fix tests

* add test case for access token golden

* fix test in postgres

* `Sha256` -> `SHA256`

* Use GORM for migration

* task generate-schemadoc

* Use unique

* change migration name

* allow read

* task generate-schemadoc

* add changelog

* fix lint error

* update changelog

* remove Debug

* add comments

Co-authored-by: Joe Chen <jc@unknwon.io>
---
 internal/cryptoutil/sha.go       | 25 +++++++++++++++++++++++
 internal/cryptoutil/sha1.go      | 17 ----------------
 internal/cryptoutil/sha1_test.go | 27 -------------------------
 internal/cryptoutil/sha_test.go  | 43 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 68 insertions(+), 44 deletions(-)
 create mode 100644 internal/cryptoutil/sha.go
 delete mode 100644 internal/cryptoutil/sha1.go
 delete mode 100644 internal/cryptoutil/sha1_test.go
 create mode 100644 internal/cryptoutil/sha_test.go

(limited to 'internal/cryptoutil')

diff --git a/internal/cryptoutil/sha.go b/internal/cryptoutil/sha.go
new file mode 100644
index 00000000..d829d526
--- /dev/null
+++ b/internal/cryptoutil/sha.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cryptoutil
+
+import (
+	"crypto/sha1"
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+// SHA1 encodes string to hexadecimal of SHA1 checksum.
+func SHA1(str string) string {
+	h := sha1.New()
+	_, _ = h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+// SHA256 encodes string to hexadecimal of SHA256 checksum.
+func SHA256(str string) string {
+	h := sha256.New()
+	_, _ = h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
diff --git a/internal/cryptoutil/sha1.go b/internal/cryptoutil/sha1.go
deleted file mode 100644
index 38133960..00000000
--- a/internal/cryptoutil/sha1.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2020 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cryptoutil
-
-import (
-	"crypto/sha1"
-	"encoding/hex"
-)
-
-// SHA1 encodes string to hexadecimal of SHA1 checksum.
-func SHA1(str string) string {
-	h := sha1.New()
-	_, _ = h.Write([]byte(str))
-	return hex.EncodeToString(h.Sum(nil))
-}
diff --git a/internal/cryptoutil/sha1_test.go b/internal/cryptoutil/sha1_test.go
deleted file mode 100644
index c9795c98..00000000
--- a/internal/cryptoutil/sha1_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2020 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cryptoutil
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestSHA1(t *testing.T) {
-	tests := []struct {
-		input  string
-		output string
-	}{
-		{input: "", output: "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
-		{input: "The quick brown fox jumps over the lazy dog", output: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"},
-		{input: "The quick brown fox jumps over the lazy dog.", output: "408d94384216f890ff7a0c3528e8bed1e0b01621"},
-	}
-	for _, test := range tests {
-		t.Run(test.input, func(t *testing.T) {
-			assert.Equal(t, test.output, SHA1(test.input))
-		})
-	}
-}
diff --git a/internal/cryptoutil/sha_test.go b/internal/cryptoutil/sha_test.go
new file mode 100644
index 00000000..a3cbf484
--- /dev/null
+++ b/internal/cryptoutil/sha_test.go
@@ -0,0 +1,43 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cryptoutil
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSHA1(t *testing.T) {
+	tests := []struct {
+		input  string
+		output string
+	}{
+		{input: "", output: "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
+		{input: "The quick brown fox jumps over the lazy dog", output: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"},
+		{input: "The quick brown fox jumps over the lazy dog.", output: "408d94384216f890ff7a0c3528e8bed1e0b01621"},
+	}
+	for _, test := range tests {
+		t.Run(test.input, func(t *testing.T) {
+			assert.Equal(t, test.output, SHA1(test.input))
+		})
+	}
+}
+
+func TestSHA256(t *testing.T) {
+	tests := []struct {
+		input  string
+		output string
+	}{
+		{input: "", output: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
+		{input: "The quick brown fox jumps over the lazy dog", output: "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592"},
+		{input: "The quick brown fox jumps over the lazy dog.", output: "ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c"},
+	}
+	for _, test := range tests {
+		t.Run(test.input, func(t *testing.T) {
+			assert.Equal(t, test.output, SHA256(test.input))
+		})
+	}
+}
-- 
cgit v1.2.3