use better random for URLs and delete keys
Using a PRNG seeded based on only the time for these is a bad idea as the output is predictable. Instead, use a package that generates random strings using go's crypo/rand package to provide cryptographically secure random URLs and delete keys.
This commit is contained in:
parent
8f7b47f572
commit
98106ec74f
|
@ -16,6 +16,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"bitbucket.org/taruti/mimemagic"
|
"bitbucket.org/taruti/mimemagic"
|
||||||
|
"github.com/dchest/uniuri"
|
||||||
"github.com/zenazn/goji/web"
|
"github.com/zenazn/goji/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -219,7 +220,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
|
||||||
|
|
||||||
// If no delete key specified, pick a random one.
|
// If no delete key specified, pick a random one.
|
||||||
if upReq.deletionKey == "" {
|
if upReq.deletionKey == "" {
|
||||||
upload.DeleteKey = randomString(30)
|
upload.DeleteKey = uniuri.NewLen(30)
|
||||||
} else {
|
} else {
|
||||||
upload.DeleteKey = upReq.deletionKey
|
upload.DeleteKey = upReq.deletionKey
|
||||||
}
|
}
|
||||||
|
@ -240,7 +241,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateBarename() string {
|
func generateBarename() string {
|
||||||
return randomString(8)
|
return uniuri.NewLenChars(8, []byte("abcdefghijklmnopqrstuvwxyz0123456789"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateJSONresponse(upload Upload) []byte {
|
func generateJSONresponse(upload Upload) []byte {
|
||||||
|
|
Loading…
Reference in New Issue