Skip to content

Commit

Permalink
Merge pull request #24 from bentranter/use-crypto-rand-for-xsrf
Browse files Browse the repository at this point in the history 
Use crypto/rand for XSRF token generation
  • Loading branch information
@dinever
dinever authored Jun 11, 2016
2 parents 8adab8a + 8fbfd14 commit 3776f33
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions xsrf.go
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,21 @@
package golf

import (
"crypto/rand"
"encoding/hex"
"math/rand"
"time"
)

const chars = "abcdefghijklmnopqrstuvwxyz0123456789"

func randomBytes(strlen int) []byte {
rand.Seed(time.Now().UTC().UnixNano())
result := make([]byte, strlen)
for i := 0; i < strlen; i++ {
result[i] = chars[rand.Intn(len(chars))]
b := make([]byte, strlen)
_, err := rand.Read(b)
if err != nil {
// panic on failure since this indicates a failure of the system's
// CSPRNG
panic(err)
}
return result
return b
}

func decodeXSRFToken(maskedToken string) ([]byte, []byte, error) {
Expand Down

0 comments on commit 3776f33

Please # to comment.