From 860e3788c7835aad065931fb60402d3e95502502 Mon Sep 17 00:00:00 2001
From: Sarah Jamie Lewis <sarah@openprivacy.ca>
Date: Sun, 16 Feb 2025 10:09:30 -0800
Subject: [PATCH 1/1] Adjust ID entropy to be more useable for request
 identifiers

---
 auth/indieauth.go              |  2 +-
 common/rand.go                 | 55 ++++++++++++++++++++++++++++++----
 common/request.go              |  2 +-
 repo/requests.go               |  2 +-
 templates/request.new.tpl.html |  4 +--
 5 files changed, 55 insertions(+), 10 deletions(-)

diff --git a/auth/indieauth.go b/auth/indieauth.go
index 2163883..1cb69a1 100644
--- a/auth/indieauth.go
+++ b/auth/indieauth.go
@@ -126,7 +126,7 @@ func (c *AuthClient) CallbackHandler(w http.ResponseWriter, r *http.Request) {
 	// is logged in.
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 
-	sessionID, err := common.RandomIdent()
+	sessionID, err := common.RandomIdent(64)
 	if err != nil {
 		http.Error(w, fmt.Sprintf("invalid 'me': %s", err), http.StatusBadRequest)
 		return
diff --git a/common/rand.go b/common/rand.go
index ad1502d..60ae8a0 100644
--- a/common/rand.go
+++ b/common/rand.go
@@ -1,15 +1,60 @@
 package common
 
 import (
+	"bytes"
 	"crypto/rand"
 	"fmt"
 )
 
-func RandomIdent() (string, error) {
-	randID := [64]byte{}
-	n, err := rand.Read(randID[:])
-	if n != 64 || err != nil {
+func RandomIdent(entropy int) (string, error) {
+	randID := make([]byte, entropy)
+	n, err := rand.Read(randID)
+	if n != entropy || err != nil {
 		return "", fmt.Errorf("couldn't generate randomness. something went very wrong")
 	}
-	return fmt.Sprintf("%x", randID), nil
+	return Encode(randID[:]), nil
+}
+
+var (
+	alphabet = []byte{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'}
+	base     int
+)
+
+func init() {
+	base = len(alphabet)
+}
+
+func Encode(source []byte) string {
+	if len(source) == 0 {
+		return ""
+	}
+
+	digits := []int{0}
+
+	for i := 0; i < len(source); i++ {
+		carry := int(source[i])
+
+		for j := 0; j < len(digits); j++ {
+			carry += digits[j] << 8
+			digits[j] = carry % base
+			carry = carry / base
+		}
+
+		for carry > 0 {
+			digits = append(digits, carry%base)
+			carry = carry / base
+		}
+	}
+
+	var res bytes.Buffer
+
+	for k := 0; source[k] == 0 && k < len(source)-1; k++ {
+		res.WriteByte(alphabet[0])
+	}
+
+	for q := len(digits) - 1; q >= 0; q-- {
+		res.WriteByte(alphabet[digits[q]])
+	}
+
+	return res.String()
 }
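Review bot: `RandomIdent` never validates `entropy`: a negative value panics inside `make`, and `0` passes the `n != entropy` check, so the function returns an empty identifier with a nil error. The callers in this patch pass the constants 64 and 24, so this is latent, but the same function now produces the session ID in auth/indieauth.go, where an empty or very short value would be guessable. A guard at the top such as `if entropy < 16 { return "", fmt.Errorf("entropy must be at least 16 bytes, got %d", entropy) }` would close it; the floor of 16 is a suggestion. The parameter counts bytes, not bits, and `Encode` output is base-62 and variable in length, so doc comments on both exported functions should say so. The error path also drops `err` from `rand.Read`; wrapping it with `%w` would keep the cause.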
diff --git a/common/request.go b/common/request.go
index b3a2154..5d13850 100644
--- a/common/request.go
+++ b/common/request.go
@@ -37,7 +37,7 @@ type IssueRequest struct {
 }
 
 func NewIssueRequest(summary string, description string, user AuthInfo) (IssueRequest, error) {
-	ident, err := RandomIdent()
+	ident, err := RandomIdent(24)
 	return IssueRequest{
 		Summary:     summary,
 		Description: description,
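Review bot: The byte count `24` is a bare literal here and again in `handlePatch` in repo/requests.go, so the two request-identifier lengths can drift apart. A named constant in `common`, e.g. `const RequestIdentBytes = 24`, used at both call sites would document the choice, and a second constant could do the same for the session length of `64` in auth/indieauth.go. In the visible lines the `IssueRequest` is built from `ident` before `err` is inspected. The rest of `NewIssueRequest` is outside the hunk, so confirm that callers check the returned error before using the ID.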
diff --git a/repo/requests.go b/repo/requests.go
index 80ad03f..02844e8 100644
--- a/repo/requests.go
+++ b/repo/requests.go
@@ -398,7 +398,7 @@ func (rm *RequestManager) handlePatch(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()
 
-	id, err := common.RandomIdent()
+	id, err := common.RandomIdent(24)
 	if err != nil {
 		rm.errorHandler("Could Not Create Patch Request", w, r)
 		return
diff --git a/templates/request.new.tpl.html b/templates/request.new.tpl.html
index ce36c34..a938a3c 100644
--- a/templates/request.new.tpl.html
+++ b/templates/request.new.tpl.html
@@ -10,7 +10,7 @@
 {{template "repomenu.tpl.html" .}}
 <div>
   {{range .Warnings}}
-    
+
   {{end}}
   <h2>Submit a New Change Request</h2>
 <form method="post" >
@@ -28,7 +28,7 @@
       <textarea
         name="description"
         placeholder="Please outline the issue/change request in full."
-        minlength="100"
+        minlength="10"
       ></textarea>
     </label>
   </fieldset>
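Review bot: `minlength="10"` on the description textarea is enforced only by the browser, so a request posted directly can still carry a shorter or empty description. If the application depends on a minimum description length, the handler should check it server-side as well. The handler is not part of this patch, so that check may already exist.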
-- 
2.43.0

