use better random for URLs and delete keys

Using a PRNG seeded based on only the time for these is a bad idea as
the output is predictable. Instead, use a package that generates random
strings using go's crypo/rand package to provide cryptographically
secure random URLs and delete keys.
This commit is contained in:
mutantmonkey 2015-10-01 22:09:40 -07:00
parent 8f7b47f572
commit 98106ec74f

View File

@ -16,6 +16,7 @@ import (
"strings" "strings"
"bitbucket.org/taruti/mimemagic" "bitbucket.org/taruti/mimemagic"
"github.com/dchest/uniuri"
"github.com/zenazn/goji/web" "github.com/zenazn/goji/web"
) )
@ -219,7 +220,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
// If no delete key specified, pick a random one. // If no delete key specified, pick a random one.
if upReq.deletionKey == "" { if upReq.deletionKey == "" {
upload.DeleteKey = randomString(30) upload.DeleteKey = uniuri.NewLen(30)
} else { } else {
upload.DeleteKey = upReq.deletionKey upload.DeleteKey = upReq.deletionKey
} }
@ -240,7 +241,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
} }
func generateBarename() string { func generateBarename() string {
return randomString(8) return uniuri.NewLenChars(8, []byte("abcdefghijklmnopqrstuvwxyz0123456789"))
} }
func generateJSONresponse(upload Upload) []byte { func generateJSONresponse(upload Upload) []byte {