
更换一个加密函数

liuyuqi-dellpc 6 months ago
parent
commit
c6f1b069f3
1 changed files with 31 additions and 9 deletions
  1. 31 9
      set_github_secret/set_github_secret.py

+ 31 - 9
set_github_secret/set_github_secret.py

@@ -8,9 +8,11 @@
 '''
 
 import requests
-import nacl.secret
-from nacl.encoding import Base64Encoder
 import json
+import requests
+from nacl import encoding, public
+import json,sys
+import base64
 
 class GithubPulbicKey:
     ''' Github public key '''
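Review bot: The import block now brings in `requests` and `json` twice: the context lines `import requests` and `import json` stay, and the added lines repeat them as `import requests` and `import json,sys`. Only `from nacl import encoding, public` and `import base64` introduce new names, and `sys` is used solely by the version check in `_base64encode`. I would drop the added `import requests` and, if the version check is kept, write `import sys` on its own line instead of `import json,sys`.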
@@ -46,7 +48,7 @@ class GithubApi:
         '''
         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/public-key'
         response = self.sess.get(url)
-        # print(f'get public key response: {response.text}')
+        print(f'get public key response: {response.text}')
         if response.status_code == 200:
             res_json = response.json()
             self.public_key = GithubPulbicKey(
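Review bot: The re-enabled `print(f'get public key response: {response.text}')` writes the full response body to stdout on every call, and on a non-200 reply the error branch further down prints the same body a second time. The body is the repository public key and so is not secret in itself, but a tool that handles secrets commonly runs in CI, where stdout is retained, so debug output is better kept behind a logger or a verbosity flag. For example `logging.getLogger(__name__).debug('get public key response: %s', response.text)`, which needs `import logging`. The enclosing method starts and ends outside this hunk.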
@@ -57,16 +59,36 @@ class GithubApi:
             print(f"Response status code: {response.status_code}")
             print(f"Response body: {response.text}")
             return None
+    
+    @staticmethod
+    def _base64encode(value):
+        """
 
-    def encrypt_secret_value(self, value: str, public_key: str):
+        :param value: byte, encrypted message
+        :return: string
+        """
+        if sys.version_info <= (3, 1):
+            return base64.encodestring(value).decode("utf-8")
+        else:
+            return base64.encodebytes(value).decode("utf-8")
+        
+    @staticmethod
+    def encrypt_secret_value(value: str, public_key: str):
         ''' Value for your secret, encrypted with LibSodium using the public key retrieved from 
         the Get a repository public key endpoint.
+        https://github.com/anna-money/workflow-tools/blob/8a94d18254183847d3706e5a610739b40b48c4e6/workflow_tools/secret.py#L63
           '''
-        key_bytes = Base64Encoder.decode(public_key)
-        box = nacl.secret.SecretBox(key_bytes)
-        encrypted = box.encrypt(value.encode(), encoder=Base64Encoder).decode()
-        # print(f'encrypt value: {value} -> {encrypted} success.')
-        return encrypted
+        public_key_encoded = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
+        sealed_box = public.SealedBox(public_key_encoded)
+        encrypted = sealed_box.encrypt(value.encode("utf-8"))
+        encrypted_string = GithubApi._base64encode(encrypted)
+
+        # In Python 3.1+ base64.encodebytes inserts "\n" after every 76 bytes of output and
+        # adds a trailing newline character to follow RFC 2045
+        # https://docs.python.org/3/library/base64.html#base64.encodebytes
+        # To make sure GitHub API accepts payload, remove "\n" from the encrypted value.
+        result = encrypted_string.replace("\n", "")
+        return result
 
     def set_update_github_secret(self, key: str, value: str):
         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/{key}'
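Review bot: `_base64encode` branches on `sys.version_info <= (3, 1)`, but this file already uses f-strings, so the `base64.encodestring` arm can never run, and choosing `encodebytes` is what forces the newline stripping at the end of `encrypt_secret_value`. `base64.b64encode` emits no line breaks, so the helper can be reduced to `return base64.b64encode(value).decode("utf-8")`, and the `result = encrypted_string.replace("\n", "")` step and its comment can go. The helper's docstring also opens with a blank line and describes the argument as "byte"; a one-line summary such as `"""Return the sealed-box ciphertext bytes as a base64 string."""` would be clearer. `set_update_github_secret` continues outside the hunk.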