Home Explore Help
Sign In
LBP
/
miniflux_v2
mirror of https://github.com/miniflux/v2.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

refactor(crypto): use rand.Text() instead of a custom implementation

Go 1.24 provides the helpful rand.Text() function, returning a base32-encoded
string containing at least 128 bits of randomness. We should make use of it
everywhere it makes sense to do so, if only to not having to think about much
entropy do we need for each cases, and just trust the go crypto team.

Also, rand.Read() can't fail, so no need to check its return value:
https://pkg.go.dev/crypto/rand#Read This behaviour is consistent with go's
standard library itself.
jvoisin 9 months ago
parent
43546976d2
commit
9a1d9593b3
3 changed files with 8 additions and 17 deletions
Split View Show Diff Stats
  1. 1 10
      internal/crypto/crypto.go
  2. 5 5
      internal/storage/session.go
  3. 2 2
      internal/storage/user_session.go

+ 1 - 10
internal/crypto/crypto.go
View File 

@@ -8,7 +8,6 @@ import (
 
 	"crypto/rand"
 
 	"crypto/sha256"
 
 	"crypto/subtle"
 
-	"encoding/base64"
 
 	"encoding/hex"
 
 	"fmt"
 
 
@@ -28,18 +27,10 @@ func Hash(value string) string {
 
 // GenerateRandomBytes returns random bytes.
 
 func GenerateRandomBytes(size int) []byte {
 
 	b := make([]byte, size)
 
-	if _, err := rand.Read(b); err != nil {
 
-		panic(err)
 
-	}
 
-
 
+	rand.Read(b)
 
 	return b
 
 }
 
 
-// GenerateRandomString returns a random string.
 
-func GenerateRandomString(size int) string {
 
-	return base64.URLEncoding.EncodeToString(GenerateRandomBytes(size))
 
-}
 
-
 
 // GenerateRandomStringHex returns a random hexadecimal string.
 
 func GenerateRandomStringHex(size int) string {
 
 	return hex.EncodeToString(GenerateRandomBytes(size))

+ 5 - 5
internal/storage/session.go
View File 

@@ -4,10 +4,10 @@
 
 package storage // import "miniflux.app/v2/internal/storage"
 
 
 import (
 
+	"crypto/rand"
 
 	"database/sql"
 
 	"fmt"
 
 
-	"miniflux.app/v2/internal/crypto"
 
 	"miniflux.app/v2/internal/model"
 
 )
 
 
@@ -19,9 +19,9 @@ func (s *Storage) CreateAppSessionWithUserPrefs(userID int64) (*model.Session, e
 
 	}
 
 
 	session := model.Session{
 
-		ID: crypto.GenerateRandomString(32),
 
+		ID: rand.Text(),
 
 		Data: &model.SessionData{
 
-			CSRF:     crypto.GenerateRandomString(64),
 
+			CSRF:     rand.Text(),
 
 			Theme:    user.Theme,
 
 			Language: user.Language,
 
 		},
 
@@ -33,9 +33,9 @@ func (s *Storage) CreateAppSessionWithUserPrefs(userID int64) (*model.Session, e
 
 // CreateAppSession creates a new application session.
 
 func (s *Storage) CreateAppSession() (*model.Session, error) {
 
 	session := model.Session{
 
-		ID: crypto.GenerateRandomString(32),
 
+		ID: rand.Text(),
 
 		Data: &model.SessionData{
 
-			CSRF: crypto.GenerateRandomString(64),
 
+			CSRF: rand.Text(),
 
 		},
 
 	}

+ 2 - 2
internal/storage/user_session.go
View File 

@@ -4,10 +4,10 @@
 
 package storage // import "miniflux.app/v2/internal/storage"
 
 
 import (
 
+	"crypto/rand"
 
 	"database/sql"
 
 	"fmt"
 
 
-	"miniflux.app/v2/internal/crypto"
 
 	"miniflux.app/v2/internal/model"
 
 )
 
 
@@ -56,7 +56,7 @@ func (s *Storage) UserSessions(userID int64) (model.UserSessions, error) {
 
 
 // CreateUserSessionFromUsername creates a new user session.
 
 func (s *Storage) CreateUserSessionFromUsername(username, userAgent, ip string) (sessionID string, userID int64, err error) {
 
-	token := crypto.GenerateRandomString(64)
 
+	token := rand.Text()
 
 
 	tx, err := s.db.Begin()
 
 	if err != nil {