tokenCacheKey returns a cache key for an installation access token. The key is a hash of the app/client ID, installation ID, PEM-encoded GitHub App private key, and repo URL. Using a hash ensures that a private decodable key is not stored in the cache.
( appOrClientID string, installationID int64, encodedPrivateKey string, repoURL string, )
| 251 | // private key, and repo URL. Using a hash ensures that a private decodable key |
| 252 | // is not stored in the cache. |
| 253 | func (p *AppCredentialProvider) tokenCacheKey( |
| 254 | appOrClientID string, |
| 255 | installationID int64, |
| 256 | encodedPrivateKey string, |
| 257 | repoURL string, |
| 258 | ) string { |
| 259 | return fmt.Sprintf( |
| 260 | "%x", |
| 261 | sha256.Sum256([]byte( |
| 262 | fmt.Sprintf( |
| 263 | "%s:%d:%s:%s", |
| 264 | appOrClientID, installationID, encodedPrivateKey, repoURL), |
| 265 | ), |
| 266 | ), |
| 267 | ) |
| 268 | } |
| 269 | |
| 270 | // decodeKey attempts to base64 decode a key. If successful, it returns the |
| 271 | // result. If it fails, it attempts to infer whether the input was simply NOT |
no outgoing calls