From d8a86751f08e8e8d14023f9b414edb250fd4e7d9 Mon Sep 17 00:00:00 2001 From: edgerunnergit Date: Tue, 30 Jul 2024 02:23:18 +0530 Subject: [PATCH] Make `generate_session_key()` public (#449) * make generate_session_key() public and change impl to use DistString * add changelong and use nightly fmt * Add better support for receiving larger payloads (#430) * Add better support for receiving larger payloads This change enables the maximum frame size to be configured when receiving websocket frames. It also adds a new stream time that aggregates continuation frames together into their proper collected representation. It provides no mechanism yet for sending continuations. * actix-ws: Add continuation & size config to changelog * actix-ws: Add Debug, Eq to AggregatedMessage * actix-ws: Add a configurable maximum size to aggregated continuations * refactor: move aggregate types to own module * test: fix chat example * docs: update changelog --------- Co-authored-by: Rob Ede * docs(ws): update readme * chore(actix-ws): prepare release 0.3.0 * chore(ws): remove unused dev dep * chore: expose generate_session_key * chore: fix import --------- Co-authored-by: Rob Ede Co-authored-by: asonix
---
 actix-session/CHANGES.md | 1 + actix-session/src/storage/mod.rs | 6 ++++-- actix-session/src/storage/utils.rs | 16 ++++++---------- 3 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/actix-session/CHANGES.md b/actix-session/CHANGES.md
index 1cdc19e25..070b4351a 100644
--- a/actix-session/CHANGES.md
+++ b/actix-session/CHANGES.md
@@ -6,6 +6,7 @@
 - Rename `redis-rs-session` crate feature to `redis-session`.
 - Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
 - Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
+- Expose `storage::generate_session_key()`.
 ## 0.9.0
diff --git a/actix-session/src/storage/mod.rs b/actix-session/src/storage/mod.rs
index 5c6022b17..8c0dd5b11 100644
--- a/actix-session/src/storage/mod.rs
+++ b/actix-session/src/storage/mod.rs
@@ -18,6 +18,8 @@ mod redis_rs;
 mod utils;
 #[cfg(feature = "cookie-session")]
-pub use cookie::CookieSessionStore;
+pub use self::cookie::CookieSessionStore;
 #[cfg(feature = "redis-session")]
-pub use redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+pub use self::redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+#[cfg(feature = "redis-session")]
+pub use self::utils::generate_session_key;
diff --git a/actix-session/src/storage/utils.rs b/actix-session/src/storage/utils.rs
index bc9198867..4dcfed7bb 100644
--- a/actix-session/src/storage/utils.rs
+++ b/actix-session/src/storage/utils.rs
@@ -1,17 +1,13 @@
-use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
+use rand::distributions::{Alphanumeric, DistString as _};
 use crate::storage::SessionKey;
 /// Session key generation routine that follows [OWASP recommendations].
 ///
 /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
-pub(crate) fn generate_session_key() -> SessionKey {
- let value = std::iter::repeat(())
- .map(|()| OsRng.sample(Alphanumeric))
- .take(64)
- .collect::>();
- // These unwraps will never panic because pre-conditions are always verified
- // (i.e. length and character set)
- String::from_utf8(value).unwrap().try_into().unwrap()
+pub fn generate_session_key() -> SessionKey {
+ Alphanumeric
+ .sample_string(&mut rand::thread_rng(), 64)
+ .try_into()
+ .expect("generated string should be within size range for a session key")
 }
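Review bot: The new `pub use self::utils::generate_session_key;` at the end of the mod.rs hunk sits under `#[cfg(feature = "redis-session")]`, so the function is public only when that feature is enabled, while the CHANGES.md entry says just "Expose `storage::generate_session_key()`". Someone implementing their own session store without the Redis backend would not find the function. If the gate is required (presumably because `rand` is only pulled in by that feature, which is not visible here), state it in the changelog line and add a rustdoc line on the function such as `/// Only available with the "redis-session" crate feature.`. The `mod utils;` declaration is context at the top of the hunk and anything above it is outside the hunk, so whether the module itself is gated cannot be confirmed from this page.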
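Review bot: The rewritten body of `generate_session_key()` in utils.rs samples from `rand::thread_rng()` where the removed code sampled `OsRng` directly, and neither the commit message nor the doc comment records that the entropy source for session keys changed. `thread_rng()` is a userspace CSPRNG seeded from the operating system and is documented by `rand` as suitable for secrets, so this is not a weakness by itself, but for a now-public function that mints session identifiers the generator should be a stated choice rather than a side effect of a refactor. Either keep the OS generator with `.sample_string(&mut rand::rngs::OsRng, 64)`, or extend the doc comment with a line such as `/// Returns 64 alphanumeric characters drawn from a cryptographically secure RNG.` so callers know the contract they are relying on.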