1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-27 09:12:57 +01:00

Make generate_session_key() public (#449)

* make generate_session_key() public and change impl to use DistString

* add changelong and use nightly fmt

* Add better support for receiving larger payloads (#430)

* Add better support for receiving larger payloads

This change enables the maximum frame size to be configured when receiving websocket frames. It also
adds a new stream time that aggregates continuation frames together into their proper collected
representation. It provides no mechanism yet for sending continuations.

* actix-ws: Add continuation & size config to changelog

* actix-ws: Add Debug, Eq to AggregatedMessage

* actix-ws: Add a configurable maximum size to aggregated continuations

* refactor: move aggregate types to own module

* test: fix chat example

* docs: update changelog

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>

* docs(ws): update readme

* chore(actix-ws): prepare release 0.3.0

* chore(ws): remove unused dev dep

* chore: expose generate_session_key

* chore: fix import

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
Co-authored-by: asonix <asonix@asonix.dog>
This commit is contained in:
edgerunnergit 2024-07-30 02:23:18 +05:30 committed by GitHub
parent cac93d2bc7
commit d8a86751f0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 11 additions and 12 deletions

View File

@ -6,6 +6,7 @@
- Rename `redis-rs-session` crate feature to `redis-session`. - Rename `redis-rs-session` crate feature to `redis-session`.
- Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`. - Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
- Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend). - Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
- Expose `storage::generate_session_key()`.
## 0.9.0 ## 0.9.0

View File

@ -18,6 +18,8 @@ mod redis_rs;
mod utils; mod utils;
#[cfg(feature = "cookie-session")] #[cfg(feature = "cookie-session")]
pub use cookie::CookieSessionStore; pub use self::cookie::CookieSessionStore;
#[cfg(feature = "redis-session")] #[cfg(feature = "redis-session")]
pub use redis_rs::{RedisSessionStore, RedisSessionStoreBuilder}; pub use self::redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
#[cfg(feature = "redis-session")]
pub use self::utils::generate_session_key;

View File

@ -1,17 +1,13 @@
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _}; use rand::distributions::{Alphanumeric, DistString as _};
use crate::storage::SessionKey; use crate::storage::SessionKey;
/// Session key generation routine that follows [OWASP recommendations]. /// Session key generation routine that follows [OWASP recommendations].
/// ///
/// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
pub(crate) fn generate_session_key() -> SessionKey { pub fn generate_session_key() -> SessionKey {
let value = std::iter::repeat(()) Alphanumeric
.map(|()| OsRng.sample(Alphanumeric)) .sample_string(&mut rand::thread_rng(), 64)
.take(64) .try_into()
.collect::<Vec<_>>(); .expect("generated string should be within size range for a session key")
// These unwraps will never panic because pre-conditions are always verified
// (i.e. length and character set)
String::from_utf8(value).unwrap().try_into().unwrap()
} }