Update random id generation algorithm
authorr <r@freesoftwareextremist.com>
Sun, 26 Jan 2020 07:45:02 +0000 (07:45 +0000)
committerr <r@freesoftwareextremist.com>
Sun, 26 Jan 2020 07:45:34 +0000 (07:45 +0000)
migrations/csrfToken/main.go
service/service.go
util/rand.go

index fcd49f2272c18c477108a8a5f9a5e5e1219f43ac..f2326df2a0d202584423a51a46f764eacbcde2f8 100644 (file)
@@ -69,7 +69,10 @@ func main() {
                if err != nil {
                        log.Fatal(err)
                }
-               s.CSRFToken = util.NewCSRFToken()
+               s.CSRFToken, err = util.NewCSRFToken()
+               if err != nil {
+                       log.Fatal(err)
+               }
                err = sessionRepo.Add(s)
                if err != nil {
                        log.Fatal(err)
index db851f77d601956ed46fc3acdb6d1cd9017431ff..c9fccb4c9835b3da9f3abc3432abd3193ba5f1fc 100644 (file)
@@ -106,8 +106,14 @@ func (svc *service) GetAuthUrl(ctx context.Context, instance string) (
                instanceURL = "https://" + instance
        }
 
-       sessionID = util.NewSessionId()
-       csrfToken := util.NewCSRFToken()
+       sessionID, err = util.NewSessionId()
+       if err != nil {
+               return
+       }
+       csrfToken, err := util.NewCSRFToken()
+       if err != nil {
+               return
+       }
        session := model.Session{
                ID:             sessionID,
                InstanceDomain: instance,
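Review bot: When `util.NewCSRFToken()` fails, the bare `return` on that second error path hands back the `sessionID` assigned a few lines earlier together with the error, assuming both are named results (the signature is cut off in the hunk header). A caller that reads the returned ID before checking `err` would hold a session identifier with no stored session or CSRF token behind it. Adding `sessionID = ""` before that `return` keeps the failure result empty. GetAuthUrl's body starts before and continues after this hunk, so how callers treat the results is not visible here.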
index 212d6d33f63b477089bf8443da9cd53e65995179..ffe97a0da158d5149ffb9a109a0e92af3508c643 100644 (file)
@@ -1,7 +1,8 @@
 package util
 
 import (
-       "math/rand"
+       "crypto/rand"
+       "math/big"
 )
 
 var (
@@ -9,18 +10,22 @@ var (
        runes_length = len(runes)
 )
 
-func NewRandId(n int) string {
+func NewRandId(n int) (string, error) {
        data := make([]rune, n)
        for i := range data {
-               data[i] = runes[rand.Intn(runes_length)]
+               num, err := rand.Int(rand.Reader, big.NewInt(int64(runes_length)))
+               if err != nil {
+                       return "", err
+               }
+               data[i] = runes[num.Int64()]
        }
-       return string(data)
+       return string(data), nil
 }
 
-func NewSessionId() string {
+func NewSessionId() (string, error) {
        return NewRandId(24)
 }
 
-func NewCSRFToken() string {
+func NewCSRFToken() (string, error) {
        return NewRandId(24)
 }
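Review bot: `NewRandId`, `NewSessionId` and `NewCSRFToken` are exported and now return an error, but none has a doc comment saying that the value is drawn from `crypto/rand` and that a non-nil error means no usable token was produced. A comment such as `// NewRandId returns n characters drawn uniformly from runes using crypto/rand; on error the returned string is empty and must not be used.` would record that security property and discourage a later swap back to a non-cryptographic generator. Inside the loop, `big.NewInt(int64(runes_length))` is rebuilt for every character; it can be hoisted to `limit := big.NewInt(int64(runes_length))` before the `for`. `runes` is declared outside the hunk, so the strength of a 24-character token (24 times log2 of the alphabet size, in bits) cannot be confirmed from here.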