use better random for URLs and delete keys

Using a PRNG seeded based on only the time for these is a bad idea as
the output is predictable. Instead, use a package that generates random
strings using go's crypo/rand package to provide cryptographically
secure random URLs and delete keys.
This commit is contained in:
mutantmonkey 2015-10-01 22:09:40 -07:00
parent 8f7b47f572
commit 98106ec74f

View File

@ -16,6 +16,7 @@ import (
"strings"
"bitbucket.org/taruti/mimemagic"
"github.com/dchest/uniuri"
"github.com/zenazn/goji/web"
)
@ -219,7 +220,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
// If no delete key specified, pick a random one.
if upReq.deletionKey == "" {
upload.DeleteKey = randomString(30)
upload.DeleteKey = uniuri.NewLen(30)
} else {
upload.DeleteKey = upReq.deletionKey
}
@ -240,7 +241,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
}
func generateBarename() string {
return randomString(8)
return uniuri.NewLenChars(8, []byte("abcdefghijklmnopqrstuvwxyz0123456789"))
}
func generateJSONresponse(upload Upload) []byte {