mirror of
https://github.com/actix/actix-extras.git
synced 2025-04-23 02:14:52 +02:00
18 lines
672 B
Rust
18 lines
672 B
Rust
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
|
|
|
|
use crate::storage::SessionKey;
|
|
|
|
/// Session key generation routine that follows [OWASP recommendations].
|
|
///
|
|
/// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
|
|
pub(crate) fn generate_session_key() -> SessionKey {
|
|
let value = std::iter::repeat(())
|
|
.map(|()| OsRng.sample(Alphanumeric))
|
|
.take(64)
|
|
.collect::<Vec<_>>();
|
|
|
|
// These unwraps will never panic because pre-conditions are always verified
|
|
// (i.e. length and character set)
|
|
String::from_utf8(value).unwrap().try_into().unwrap()
|
|
}
|