Co-authored-by: Rob Ede <robjtede@icloud.com> Co-authored-by: Luca P <rust@lpalmieri.com> Co-authored-by: Sebastian Rollén <38324289+SebRollen@users.noreply.github.com>
use std::convert::TryInto;
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
use crate::storage::SessionKey;
/// Generates a fresh, random session key following [OWASP recommendations].
///
/// The key is 64 ASCII alphanumeric characters, each sampled independently from the operating
/// system's CSPRNG ([`OsRng`]). With a 62-symbol alphabet that is roughly 5.95 bits per
/// character (about 381 bits in total), well above the 64-bit minimum OWASP asks for.
///
/// # Panics
///
/// Only if the generated string is rejected by the `String` -> [`SessionKey`] conversion, which
/// the fixed length and character set are meant to rule out.
///
/// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
pub(crate) fn generate_session_key() -> SessionKey {
    const KEY_LENGTH: usize = 64;

    // Every character comes from the OS-backed CSPRNG: a session key is a bearer credential,
    // so a seeded or otherwise predictable generator must not be substituted here.
    let mut key_bytes: Vec<u8> = Vec::with_capacity(KEY_LENGTH);
    for _ in 0..KEY_LENGTH {
        key_bytes.push(OsRng.sample(Alphanumeric));
    }

    // Neither conversion is expected to fail: `Alphanumeric` only yields ASCII letters and
    // digits, so the bytes are valid UTF-8, and the length and character set are chosen to
    // satisfy `SessionKey`'s validation (defined in `crate::storage`, not shown here).
    let key_text = String::from_utf8(key_bytes).unwrap();
    key_text.try_into().unwrap()
}