···4949}
50505151// NewJwtSecretBase64 generates a new base64 encoded value intended to be used for JWT secrets.
5252-func NewJwtSecretBase64() (string, error) {
5252+func NewJwtSecretBase64() ([]byte, string, error) {
5353 bytes, err := NewJwtSecret()
5454 if err != nil {
5555- return "", err
5555+ return nil, "", err
5656 }
5757- return base64.RawURLEncoding.EncodeToString(bytes), nil
5757+ return bytes, base64.RawURLEncoding.EncodeToString(bytes), nil
5858}
59596060// NewSecretKey generate a new value intended to be used by SECRET_KEY.
···336336// loadSymmetricKey checks if the configured secret is valid.
337337// If it is not valid, it will return an error.
338338func loadSymmetricKey() (any, error) {
339339- key := make([]byte, 32)
340340- n, err := base64.RawURLEncoding.Decode(key, []byte(setting.OAuth2.JWTSecretBase64))
341341- if err != nil {
342342- return nil, err
343343- }
344344- if n != 32 {
345345- return nil, fmt.Errorf("JWT secret must be 32 bytes long")
346346- }
347347-348348- return key, nil
339339+ return util.Base64FixedDecode(base64.RawURLEncoding, []byte(setting.OAuth2.JWTSecretBase64), 32)
349340}
350341351342// loadOrCreateAsymmetricKey checks if the configured private key exists.