fx-test/fluxer/fluxer_devops/livekitctl/internal/secrets/secrets.go
Vish 3b9d759b4b feat: add fluxer upstream source and self-hosting documentation
- Clone of github.com/fluxerapp/fluxer (official upstream)
- SELF_HOSTING.md: full VM rebuild procedure, architecture overview,
  service reference, step-by-step setup, troubleshooting, seattle reference
- dev/.env.example: all env vars with secrets redacted and generation instructions
- dev/livekit.yaml: LiveKit config template with placeholder keys
- fluxer-seattle/: existing seattle deployment setup scripts
2026-03-13 00:55:14 -07:00


/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
package secrets
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"encoding/pem"
)
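// RandomTokenURLSafe returns nbytes read from crypto/rand, encoded with the
// padded URL-safe base64 alphabet (base64.URLEncoding).
//
// The token carries nbytes*8 bits of randomness. When nbytes is not a multiple
// of three the encoding ends in '=' padding, which callers embedding the token
// in a URL, YAML value or env file may need to quote.
//
// It panics if nbytes is not positive, so that a bad length can never yield an
// empty secret, and if the system random source reports an error.
func RandomTokenURLSafe(nbytes int) string {
	// Fail closed: a zero-length request would otherwise return "" and be
	// stored as a credential without anyone noticing.
	if nbytes <= 0 {
		panic("secrets: RandomTokenURLSafe requires nbytes > 0")
	}
	buf := make([]byte, nbytes)
	if _, err := rand.Read(buf); err != nil {
		// There is no safe fallback for a failed CSPRNG read.
		panic("crypto/rand.Read failed: " + err.Error())
	}
	return base64.URLEncoding.EncodeToString(buf)
}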
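// RandomTokenHex returns nbytes read from crypto/rand as a lowercase
// hexadecimal string of length 2*nbytes.
//
// The token carries nbytes*8 bits of randomness.
//
// It panics if nbytes is not positive, so that a bad length can never yield an
// empty secret, and if the system random source reports an error.
func RandomTokenHex(nbytes int) string {
	// Fail closed: a zero-length request would otherwise return "" and be
	// used as key material without anyone noticing.
	if nbytes <= 0 {
		panic("secrets: RandomTokenHex requires nbytes > 0")
	}
	buf := make([]byte, nbytes)
	if _, err := rand.Read(buf); err != nil {
		// There is no safe fallback for a failed CSPRNG read.
		panic("crypto/rand.Read failed: " + err.Error())
	}
	return hex.EncodeToString(buf)
}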
// SafeAPIKey builds an API key identifier by appending a random hexadecimal
// token of nbytes random bytes to prefix.
//
// Only the hex suffix is random; prefix is emitted verbatim and adds no
// entropy, so nbytes alone decides how hard the key is to guess.
func SafeAPIKey(prefix string, nbytes int) string {
	suffix := RandomTokenHex(nbytes)
	return prefix + suffix
}
// Secrets groups the credentials this package generates.
//
// Every field is a plain string with a JSON tag, so marshalling the struct
// writes all of the values, including the PEM private key, in cleartext.
// Wherever the encoded form is stored, it should be readable only by the
// account that needs it and kept out of logs.
type Secrets struct {
	// KVPassword is serialised as "kv_password".
	KVPassword string `json:"kv_password"`

	// LiveKitAPIKey and LiveKitAPISecret are serialised as "livekit_api_key"
	// and "livekit_api_secret".
	LiveKitAPIKey    string `json:"livekit_api_key"`
	LiveKitAPISecret string `json:"livekit_api_secret"`

	// TURNUsername and TURNPassword are serialised as "turn_username" and
	// "turn_password".
	TURNUsername string `json:"turn_username"`
	TURNPassword string `json:"turn_password"`

	// BlueskyOAuthPrivateKey holds a PEM-encoded RSA private key when filled
	// in by GenerateNewSecrets; BlueskyOAuthKeyID is the identifier stored
	// next to it.
	BlueskyOAuthPrivateKey string `json:"bluesky_oauth_private_key"`
	BlueskyOAuthKeyID      string `json:"bluesky_oauth_key_id"`
}
// GenerateBlueskyOAuthRSAKey creates a fresh 2048-bit RSA key pair from
// crypto/rand and returns the private key as a PKCS #1 PEM block of type
// "RSA PRIVATE KEY".
//
// The PEM is not passphrase-protected: the returned string is the complete
// private key and should be handled like any other secret. An error from key
// generation is returned unchanged together with an empty string.
func GenerateBlueskyOAuthRSAKey() (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}

	block := pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}
	encoded := pem.EncodeToMemory(&block)
	return string(encoded), nil
}
// GenerateNewSecrets returns a Secrets value filled with newly generated
// credentials.
//
// Random material per field: KVPassword uses 24 bytes, LiveKitAPISecret and
// TURNPassword 48 bytes each, and LiveKitAPIKey is "lk_" followed by 16 random
// bytes in hex. TURNUsername ("livekit") and BlueskyOAuthKeyID ("prod-key-1")
// are fixed strings, not random values.
//
// It panics if the Bluesky OAuth RSA key cannot be generated; the token
// helpers it calls panic as well when the random source fails.
func GenerateNewSecrets() *Secrets {
	// Generate the RSA key first so a failure aborts before anything else is made.
	oauthKeyPEM, err := GenerateBlueskyOAuthRSAKey()
	if err != nil {
		panic("Failed to generate Bluesky OAuth RSA key: " + err.Error())
	}

	out := new(Secrets)
	out.KVPassword = RandomTokenURLSafe(24)
	out.LiveKitAPIKey = SafeAPIKey("lk_", 16)
	out.LiveKitAPISecret = RandomTokenURLSafe(48)
	out.TURNUsername = "livekit"
	out.TURNPassword = RandomTokenURLSafe(48)
	out.BlueskyOAuthPrivateKey = oauthKeyPEM
	out.BlueskyOAuthKeyID = "prod-key-1"
	return out
}