Update random id generation algorithm

2020-01-26 07:45:02 +00:00 · 2020-01-26 07:45:02 +00:00 · c9842c65b4
parent bf2cfaf0ed
commit c9842c65b4
3 changed files with 23 additions and 9 deletions
--- a/migrations/csrfToken/main.go
+++ b/migrations/csrfToken/main.go
@ -69,7 +69,10 @@ func main() {
 		if err != nil {
 			log.Fatal(err)
 		}
-		s.CSRFToken = util.NewCSRFToken()
+		s.CSRFToken, err = util.NewCSRFToken()
+		if err != nil {
+			log.Fatal(err)
+		}
 		err = sessionRepo.Add(s)
 		if err != nil {
 			log.Fatal(err)
--- a/service/service.go
+++ b/service/service.go
@ -106,8 +106,14 @@ func (svc *service) GetAuthUrl(ctx context.Context, instance string) (
 		instanceURL = "https://" + instance
 	}

-	sessionID = util.NewSessionId()
-	csrfToken := util.NewCSRFToken()
+	sessionID, err = util.NewSessionId()
+	if err != nil {
+		return
+	}
+	csrfToken, err := util.NewCSRFToken()
+	if err != nil {
+		return
+	}
 	session := model.Session{
 		ID:             sessionID,
 		InstanceDomain: instance,
--- a/util/rand.go
+++ b/util/rand.go
@ -1,7 +1,8 @@
 package util

 import (
-	"math/rand"
+	"crypto/rand"
+	"math/big"
 )

 var (
@ -9,18 +10,22 @@ var (
 	runes_length = len(runes)
 )

-func NewRandId(n int) string {
+func NewRandId(n int) (string, error) {
 	data := make([]rune, n)
 	for i := range data {
-		data[i] = runes[rand.Intn(runes_length)]
+		num, err := rand.Int(rand.Reader, big.NewInt(int64(runes_length)))
+		if err != nil {
+			return "", err
+		}
+		data[i] = runes[num.Int64()]
 	}
-	return string(data)
+	return string(data), nil
 }

-func NewSessionId() string {
+func NewSessionId() (string, error) {
 	return NewRandId(24)
 }

-func NewCSRFToken() string {
+func NewCSRFToken() (string, error) {
 	return NewRandId(24)
 }