mirror of
https://github.com/actix/actix-extras.git
synced 2024-11-27 09:12:57 +01:00
Make generate_session_key()
public (#449)
* make generate_session_key() public and change impl to use DistString * add changelog and use nightly fmt * Add better support for receiving larger payloads (#430) * Add better support for receiving larger payloads This change enables the maximum frame size to be configured when receiving websocket frames. It also adds a new stream type that aggregates continuation frames together into their proper collected representation. It provides no mechanism yet for sending continuations. * actix-ws: Add continuation & size config to changelog * actix-ws: Add Debug, Eq to AggregatedMessage * actix-ws: Add a configurable maximum size to aggregated continuations * refactor: move aggregate types to own module * test: fix chat example * docs: update changelog --------- Co-authored-by: Rob Ede <robjtede@icloud.com> * docs(ws): update readme * chore(actix-ws): prepare release 0.3.0 * chore(ws): remove unused dev dep * chore: expose generate_session_key * chore: fix import --------- Co-authored-by: Rob Ede <robjtede@icloud.com> Co-authored-by: asonix <asonix@asonix.dog>
parent
cac93d2bc7
commit
d8a86751f0
@ -6,6 +6,7 @@
|
|||||||
- Rename `redis-rs-session` crate feature to `redis-session`.
|
- Rename `redis-rs-session` crate feature to `redis-session`.
|
||||||
- Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
|
- Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
|
||||||
- Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
|
- Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
|
||||||
|
- Expose `storage::generate_session_key()`.
|
||||||
|
|
||||||
## 0.9.0
|
## 0.9.0
|
||||||
|
|
||||||
|
@ -18,6 +18,8 @@ mod redis_rs;
|
|||||||
mod utils;
|
mod utils;
|
||||||
|
|
||||||
#[cfg(feature = "cookie-session")]
|
#[cfg(feature = "cookie-session")]
|
||||||
pub use cookie::CookieSessionStore;
|
pub use self::cookie::CookieSessionStore;
|
||||||
#[cfg(feature = "redis-session")]
|
#[cfg(feature = "redis-session")]
|
||||||
pub use redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
|
pub use self::redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
|
||||||
|
#[cfg(feature = "redis-session")]
|
||||||
|
pub use self::utils::generate_session_key;
|
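Review bot: The new re-export `pub use self::utils::generate_session_key;` sits under `#[cfg(feature = "redis-session")]`, so the function is public only when the Redis backend is compiled in, while the changelog entry says `storage::generate_session_key()` is exposed without qualification. The likely callers are authors of custom `SessionStore` backends, who may not enable that feature and would then have to write their own key generator. Whether `mod utils;` is itself feature-gated is not visible in this section, since its preceding line is outside the hunk. If it is gated, either lift the gate from both the module and the re-export, or state the requirement in the changelog line and add a doc line such as `/// Only available with the "redis-session" crate feature.` above the re-export.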
||||||
|
@ -1,17 +1,13 @@
|
|||||||
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
|
use rand::distributions::{Alphanumeric, DistString as _};
|
||||||
|
|
||||||
use crate::storage::SessionKey;
|
use crate::storage::SessionKey;
|
||||||
|
|
||||||
/// Session key generation routine that follows [OWASP recommendations].
|
/// Session key generation routine that follows [OWASP recommendations].
|
||||||
///
|
///
|
||||||
/// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
|
/// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
|
||||||
pub(crate) fn generate_session_key() -> SessionKey {
|
pub fn generate_session_key() -> SessionKey {
|
||||||
let value = std::iter::repeat(())
|
Alphanumeric
|
||||||
.map(|()| OsRng.sample(Alphanumeric))
|
.sample_string(&mut rand::thread_rng(), 64)
|
||||||
.take(64)
|
.try_into()
|
||||||
.collect::<Vec<_>>();
|
.expect("generated string should be within size range for a session key")
|
||||||
|
|
||||||
// These unwraps will never panic because pre-conditions are always verified
|
|
||||||
// (i.e. length and character set)
|
|
||||||
String::from_utf8(value).unwrap().try_into().unwrap()
|
|
||||||
}
|
}
|
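Review bot: The random source changes from `OsRng` to `rand::thread_rng()` in the same edit that makes `generate_session_key` public, and neither the commit message nor the doc comment records the switch. rand documents `ThreadRng` as a cryptographically secure generator seeded from the OS, so the keys should remain unpredictable, but that property now rests on rand's default generator, not on a direct OS call, and callers outside the crate cannot see this from the docs. I would extend the doc comment with `/// Returns a 64-character alphanumeric key drawn from the thread-local CSPRNG.` so third-party stores know what they are getting. A `# Panics` section should also say that the `expect` can only fire if the `SessionKey` conversion rejects a 64-character string. The removed comment about length and character set carried that reasoning and now survives only in the `expect` message.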
||||||
|