Remove error returns from crypto random helpers and callers (#37240)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
2026-05-08 14:34:49 +09:00 · 2026-04-17 00:59:26 +08:00
parent 82bfde2a37
commit 4a2bba9aed
23 changed files with 64 additions and 153 deletions
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -171,9 +171,8 @@ func (r *ActionRunner) LoadAttributes(ctx context.Context) error {
 	return nil
 }

-func (r *ActionRunner) GenerateToken() (err error) {
-	r.Token, r.TokenSalt, r.TokenHash, _, err = generateSaltedToken()
-	return err
+func (r *ActionRunner) GenerateAndFillToken() {
+	r.Token, r.TokenSalt, r.TokenHash, _ = generateSaltedToken()
 }

 // CanMatchLabels checks whether the runner's labels can match a job's "runs-on"
--- a/models/actions/runner_token.go
+++ b/models/actions/runner_token.go
@@ -97,10 +97,7 @@ func NewRunnerTokenWithValue(ctx context.Context, ownerID, repoID int64, token s
 }

 func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
-	token, err := util.CryptoRandomString(40)
-	if err != nil {
-		return nil, err
-	}
+	token := util.CryptoRandomString(40)
 	return NewRunnerTokenWithValue(ctx, ownerID, repoID, token)
 }

--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -147,9 +147,8 @@ func (task *ActionTask) LoadAttributes(ctx context.Context) error {
 	return nil
 }

-func (task *ActionTask) GenerateToken() (err error) {
-	task.Token, task.TokenSalt, task.TokenHash, task.TokenLastEight, err = generateSaltedToken()
-	return err
+func (task *ActionTask) GenerateAndFillToken() {
+	task.Token, task.TokenSalt, task.TokenHash, task.TokenLastEight = generateSaltedToken()
 }

 func GetTaskByID(ctx context.Context, id int64) (*ActionTask, error) {
@@ -288,9 +287,7 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 		CommitSHA:         job.CommitSHA,
 		IsForkPullRequest: job.IsForkPullRequest,
 	}
-	if err := task.GenerateToken(); err != nil {
-		return nil, false, err
-	}
+	task.GenerateAndFillToken()

 	workflowJob, err := job.ParseJob()
 	if err != nil {
--- a/models/actions/utils.go
+++ b/models/actions/utils.go
@@ -18,18 +18,12 @@ import (
 	"code.gitea.io/gitea/modules/util"
 )

-func generateSaltedToken() (string, string, string, string, error) {
-	salt, err := util.CryptoRandomString(10)
-	if err != nil {
-		return "", "", "", "", err
-	}
-	buf, err := util.CryptoRandomBytes(20)
-	if err != nil {
-		return "", "", "", "", err
-	}
+func generateSaltedToken() (string, string, string, string) {
+	salt := util.CryptoRandomString(10)
+	buf := util.CryptoRandomBytes(20)
 	token := hex.EncodeToString(buf)
 	hash := auth_model.HashToken(token, salt)
-	return token, salt, hash, token[len(token)-8:], nil
+	return token, salt, hash, token[len(token)-8:]
 }

 /*
--- a/models/auth/access_token.go
+++ b/models/auth/access_token.go
@@ -98,19 +98,13 @@ func init() {

 // NewAccessToken creates new access token.
 func NewAccessToken(ctx context.Context, t *AccessToken) error {
-	salt, err := util.CryptoRandomString(10)
-	if err != nil {
-		return err
-	}
-	token, err := util.CryptoRandomBytes(20)
-	if err != nil {
-		return err
-	}
+	salt := util.CryptoRandomString(10)
+	token := util.CryptoRandomBytes(20)
 	t.TokenSalt = salt
 	t.Token = hex.EncodeToString(token)
 	t.TokenHash = HashToken(t.Token, t.TokenSalt)
 	t.TokenLastEight = t.Token[len(t.Token)-8:]
-	_, err = db.GetEngine(ctx).Insert(t)
+	_, err := db.GetEngine(ctx).Insert(t)
 	return err
 }

--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -185,10 +185,7 @@ var base32Lower = base32.NewEncoding(lowerBase32Chars).WithPadding(base32.NoPadd

 // GenerateClientSecret will generate the client secret and returns the plaintext and saves the hash at the database
 func (app *OAuth2Application) GenerateClientSecret(ctx context.Context) (string, error) {
-	rBytes, err := util.CryptoRandomBytes(32)
-	if err != nil {
-		return "", err
-	}
+	rBytes := util.CryptoRandomBytes(32)
 	// Add a prefix to the base32, this is in order to make it easier
 	// for code scanners to grab sensitive tokens.
 	clientSecret := "gto_" + base32Lower.EncodeToString(rBytes)
@@ -484,10 +481,7 @@ func (grant *OAuth2Grant) TableName() string {

 // GenerateNewAuthorizationCode generates a new authorization code for a grant and saves it to the database
 func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error) {
-	rBytes, err := util.CryptoRandomBytes(32)
-	if err != nil {
-		return &OAuth2AuthorizationCode{}, err
-	}
+	rBytes := util.CryptoRandomBytes(32)
 	// Add a prefix to the base32, this is in order to make it easier
 	// for code scanners to grab sensitive tokens.
 	codeSecret := "gta_" + base32Lower.EncodeToString(rBytes)
--- a/models/auth/twofactor.go
+++ b/models/auth/twofactor.go
@@ -65,14 +65,11 @@ func init() {

 // GenerateScratchToken recreates the scratch token the user is using.
 func (t *TwoFactor) GenerateScratchToken() (string, error) {
-	tokenBytes, err := util.CryptoRandomBytes(6)
-	if err != nil {
-		return "", err
-	}
+	tokenBytes := util.CryptoRandomBytes(6)
 	// these chars are specially chosen, avoid ambiguous chars like `0`, `O`, `1`, `I`.
 	const base32Chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
 	token := base32.NewEncoding(base32Chars).WithPadding(base32.NoPadding).EncodeToString(tokenBytes)
-	t.ScratchSalt, _ = util.CryptoRandomString(10)
+	t.ScratchSalt = util.CryptoRandomString(10)
 	t.ScratchHash = HashToken(token, t.ScratchSalt)
 	return token, nil
 }
--- a/models/migrations/v1_6/v71.go
+++ b/models/migrations/v1_6/v71.go
@@ -51,10 +51,7 @@ func AddScratchHash(x *xorm.Engine) error {

 		for _, tfa := range tfas {
 			// generate salt
-			salt, err := util.CryptoRandomString(10)
-			if err != nil {
-				return err
-			}
+			salt := util.CryptoRandomString(10)
 			tfa.ScratchSalt = salt
 			tfa.ScratchHash = base.HashToken(tfa.ScratchToken, salt)

--- a/models/migrations/v1_9/v85.go
+++ b/models/migrations/v1_9/v85.go
@@ -65,10 +65,7 @@ func HashAppToken(x *xorm.Engine) error {

 		for _, token := range tokens {
 			// generate salt
-			salt, err := util.CryptoRandomString(10)
-			if err != nil {
-				return err
-			}
+			salt := util.CryptoRandomString(10)
 			token.TokenSalt = salt
 			token.TokenHash = base.HashToken(token.Sha1, salt)
 			if len(token.Sha1) < 8 {
--- a/models/organization/team_invite.go
+++ b/models/organization/team_invite.go
@@ -116,10 +116,7 @@ func CreateTeamInvite(ctx context.Context, doer *user_model.User, team *Team, em
 		}
 	}

-	token, err := util.CryptoRandomString(25)
-	if err != nil {
-		return nil, err
-	}
+	token := util.CryptoRandomString(25)

 	invite := &TeamInvite{
 		Token:     token,
--- a/models/packages/package_blob_upload.go
+++ b/models/packages/package_blob_upload.go
@@ -31,16 +31,13 @@ type PackageBlobUpload struct {

 // CreateBlobUpload inserts a blob upload
 func CreateBlobUpload(ctx context.Context) (*PackageBlobUpload, error) {
-	id, err := util.CryptoRandomString(25)
-	if err != nil {
-		return nil, err
-	}
+	id := util.CryptoRandomString(25)

 	pbu := &PackageBlobUpload{
 		ID: strings.ToLower(id),
 	}

-	_, err = db.GetEngine(ctx).Insert(pbu)
+	_, err := db.GetEngine(ctx).Insert(pbu)
 	return pbu, err
 }

--- a/models/user/user.go
+++ b/models/user/user.go
@@ -524,10 +524,7 @@ const SaltByteLength = 16

 // GetUserSalt returns a random user salt token.
 func GetUserSalt() (string, error) {
-	rBytes, err := util.CryptoRandomBytes(SaltByteLength)
-	if err != nil {
-		return "", err
-	}
+	rBytes := util.CryptoRandomBytes(SaltByteLength)
 	// Returns a 32-byte long string.
 	return hex.EncodeToString(rBytes), nil
 }