Use random token rather than NanoID

2024-09-20 06:47:15 +03:00 · 2024-06-26 17:19:01 -07:00 · 2024-06-26 17:19:01 -07:00 · a7f234a558
commit a7f234a558
parent 745660d972
3 changed files with 14 additions and 2 deletions
--- a/unison-share-api/package.yaml
+++ b/unison-share-api/package.yaml
@ -16,6 +16,7 @@ dependencies:
  - bytes
  - bytestring
  - containers
+  - cryptonite
  - Diff
  - directory
  - errors
--- a/unison-share-api/src/Unison/Server/CodebaseServer.hs
+++ b/unison-share-api/src/Unison/Server/CodebaseServer.hs
@ -10,7 +10,9 @@ import Control.Concurrent.Async (race)
 import Control.Exception (ErrorCall (..), throwIO)
 import Control.Monad.Reader
 import Control.Monad.Trans.Except
+import Crypto.Random qualified as Crypto
 import Data.Aeson ()
+import Data.ByteArray.Encoding qualified as BE
 import Data.ByteString qualified as Strict
 import Data.ByteString.Char8 (unpack)
 import Data.ByteString.Char8 qualified as C8
@ -82,7 +84,6 @@ import System.Directory (canonicalizePath, doesFileExist)
 import System.Environment (getExecutablePath)
 import System.FilePath ((</>))
 import System.FilePath qualified as FilePath
-import System.Random.MWC (createSystemRandom)
 import U.Codebase.HashTags (CausalHash)
 import Unison.Codebase (Codebase)
 import Unison.Codebase qualified as Codebase
@ -406,9 +407,18 @@ app env rt codebase uiPath expectedToken allowCorsHost =

 -- | The Token is used to help prevent multiple users on a machine gain access to
 -- each others codebases.
+--
+-- Generate a cryptographically secure random token.
+-- https://neilmadden.blog/2018/08/30/moving-away-from-uuids/
+--
+--  E.g.
+-- >>> genToken
+-- "uxf85C7Y0B6om47"
 genToken :: IO Strict.ByteString
 genToken = do
-  BSC.pack . UUID.toString <$> UUID.nextRandom
+  BE.convertToBase @ByteString BE.Base64URLUnpadded <$> Crypto.getRandomBytes numRandomBytes
+  where
+    numRandomBytes = 10

 data Waiter a = Waiter
  { notify :: a -> IO (),
--- a/unison-share-api/unison-share-api.cabal
+++ b/unison-share-api/unison-share-api.cabal
@ -91,6 +91,7 @@ library
    , bytes
    , bytestring
    , containers
+    , cryptonite
    , directory
    , errors
    , extra