aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--migrations/csrfToken/main.go5
-rw-r--r--service/service.go10
-rw-r--r--util/rand.go17
3 files changed, 23 insertions, 9 deletions
diff --git a/migrations/csrfToken/main.go b/migrations/csrfToken/main.go
index fcd49f2..f2326df 100644
--- a/migrations/csrfToken/main.go
+++ b/migrations/csrfToken/main.go
@@ -69,7 +69,10 @@ func main() {
if err != nil {
log.Fatal(err)
}
- s.CSRFToken = util.NewCSRFToken()
+ s.CSRFToken, err = util.NewCSRFToken()
+ if err != nil {
+ log.Fatal(err)
+ }
err = sessionRepo.Add(s)
if err != nil {
log.Fatal(err)
diff --git a/service/service.go b/service/service.go
index db851f7..c9fccb4 100644
--- a/service/service.go
+++ b/service/service.go
@@ -106,8 +106,14 @@ func (svc *service) GetAuthUrl(ctx context.Context, instance string) (
instanceURL = "https://" + instance
}
- sessionID = util.NewSessionId()
- csrfToken := util.NewCSRFToken()
+ sessionID, err = util.NewSessionId()
+ if err != nil {
+ return
+ }
+ csrfToken, err := util.NewCSRFToken()
+ if err != nil {
+ return
+ }
session := model.Session{
ID: sessionID,
InstanceDomain: instance,
diff --git a/util/rand.go b/util/rand.go
index 212d6d3..ffe97a0 100644
--- a/util/rand.go
+++ b/util/rand.go
@@ -1,7 +1,8 @@
package util
import (
- "math/rand"
+ "crypto/rand"
+ "math/big"
)
var (
@@ -9,18 +10,22 @@ var (
runes_length = len(runes)
)
-func NewRandId(n int) string {
+func NewRandId(n int) (string, error) {
data := make([]rune, n)
for i := range data {
- data[i] = runes[rand.Intn(runes_length)]
+ num, err := rand.Int(rand.Reader, big.NewInt(int64(runes_length)))
+ if err != nil {
+ return "", err
+ }
+ data[i] = runes[num.Int64()]
}
- return string(data)
+ return string(data), nil
}
-func NewSessionId() string {
+func NewSessionId() (string, error) {
return NewRandId(24)
}
-func NewCSRFToken() string {
+func NewCSRFToken() (string, error) {
return NewRandId(24)
}