Make ID Entropy Adjustable
This Patch Does Not Apply To The Current Repository- Title: Adjust ID entropy to be more useable for request identifiers
- Author: Sarah Jamie Lewis <sarah@openprivacy.ca>
auth/indieauth.go
@@ -126,7 +126,7 @@ func (c *AuthClient) CallbackHandler(w http.ResponseWriter, r *http.Request) {
// is logged in. w.Header().Set("Content-Type", "text/html; charset=utf-8") - sessionID, err := common.RandomIdent() + sessionID, err := common.RandomIdent(64) if err != nil { http.Error(w, fmt.Sprintf("invalid 'me': %s", err), http.StatusBadRequest) return
common/rand.go
@@ -1,15 +1,60 @@
package common import ( + "bytes" "crypto/rand" "fmt" ) -func RandomIdent() (string, error) { - randID := [64]byte{} - n, err := rand.Read(randID[:]) - if n != 64 || err != nil { +func RandomIdent(entropy int) (string, error) { + randID := make([]byte, entropy) + n, err := rand.Read(randID) + if n != entropy || err != nil { return "", fmt.Errorf("couldn't generate randomness. something went very wrong") } - return fmt.Sprintf("%x", randID), nil + return Encode(randID[:]), nil +} + +var ( + alphabet = []byte{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'} + base int +) + +func init() { + base = len(alphabet) +} + +func Encode(source []byte) string { + if len(source) == 0 { + return "" + } + + digits := []int{0} + + for i := 0; i < len(source); i++ { + carry := int(source[i]) + + for j := 0; j < len(digits); j++ { + carry += digits[j] << 8 + digits[j] = carry % base + carry = carry / base + } + + for carry > 0 { + digits = append(digits, carry%base) + carry = carry / base + } + } + + var res bytes.Buffer + + for k := 0; source[k] == 0 && k < len(source)-1; k++ { + res.WriteByte(alphabet[0]) + } + + for q := len(digits) - 1; q >= 0; q-- { + res.WriteByte(alphabet[digits[q]]) + } + + return res.String() }
common/request.go
@@ -37,7 +37,7 @@ type IssueRequest struct {
} func NewIssueRequest(summary string, description string, user AuthInfo) (IssueRequest, error) { - ident, err := RandomIdent() + ident, err := RandomIdent(24) return IssueRequest{ Summary: summary, Description: description,
repo/requests.go
@@ -398,7 +398,7 @@ func (rm *RequestManager) handlePatch(w http.ResponseWriter, r *http.Request) {
} defer file.Close() - id, err := common.RandomIdent() + id, err := common.RandomIdent(24) if err != nil { rm.errorHandler("Could Not Create Patch Request", w, r) return
templates/request.new.tpl.html
@@ -10,7 +10,7 @@
{{template "repomenu.tpl.html" .}} <div> {{range .Warnings}} - + {{end}} <h2>Submit a New Change Request</h2> <form method="post" >
@@ -28,7 +28,7 @@
<textarea name="description" placeholder="Please outline the issue/change request in full." - minlength="100" + minlength="10" ></textarea> </label> </fieldset>