refactor progress

2026-02-17 12:22:36 +00:00
parent cb31608523
commit d5abd1a7e4
8257 changed files with 1190207 additions and 761040 deletions
--- a/fluxer_devops/livekitctl/internal/secrets/secrets.go
+++ b/fluxer_devops/livekitctl/internal/secrets/secrets.go
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2026 Fluxer Contributors
+ *
+ * This file is part of Fluxer.
+ *
+ * Fluxer is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Fluxer is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package secrets
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/pem"
+)
+
+func RandomTokenURLSafe(nbytes int) string {
+	b := make([]byte, nbytes)
+	if _, err := rand.Read(b); err != nil {
+		panic("crypto/rand.Read failed: " + err.Error())
+	}
+	return base64.URLEncoding.EncodeToString(b)
+}
+
+func RandomTokenHex(nbytes int) string {
+	b := make([]byte, nbytes)
+	if _, err := rand.Read(b); err != nil {
+		panic("crypto/rand.Read failed: " + err.Error())
+	}
+	return hex.EncodeToString(b)
+}
+
+func SafeAPIKey(prefix string, nbytes int) string {
+	return prefix + RandomTokenHex(nbytes)
+}
+
+type Secrets struct {
+	KVPassword              string `json:"kv_password"`
+	LiveKitAPIKey           string `json:"livekit_api_key"`
+	LiveKitAPISecret        string `json:"livekit_api_secret"`
+	TURNUsername            string `json:"turn_username"`
+	TURNPassword            string `json:"turn_password"`
+	BlueskyOAuthPrivateKey  string `json:"bluesky_oauth_private_key"`
+	BlueskyOAuthKeyID       string `json:"bluesky_oauth_key_id"`
+}
+
+func GenerateBlueskyOAuthRSAKey() (string, error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return "", err
+	}
+
+	privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
+	privateKeyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: privateKeyBytes,
+	})
+
+	return string(privateKeyPEM), nil
+}
+
+func GenerateNewSecrets() *Secrets {
+	blueskyPrivateKey, err := GenerateBlueskyOAuthRSAKey()
+	if err != nil {
+		panic("Failed to generate Bluesky OAuth RSA key: " + err.Error())
+	}
+
+	return &Secrets{
+		KVPassword:             RandomTokenURLSafe(24),
+		LiveKitAPIKey:          SafeAPIKey("lk_", 16),
+		LiveKitAPISecret:       RandomTokenURLSafe(48),
+		TURNUsername:           "livekit",
+		TURNPassword:           RandomTokenURLSafe(48),
+		BlueskyOAuthPrivateKey: blueskyPrivateKey,
+		BlueskyOAuthKeyID:      "prod-key-1",
+	}
+}