Make generate_session_key() public (#449)

* make generate_session_key() public and change impl to use DistString * add changelong and use nightly fmt * Add better support for receiving larger payloads (#430) * Add better support for receiving larger payloads This change enables the maximum frame size to be configured when receiving websocket frames. It also adds a new stream time that aggregates continuation frames together into their proper collected representation. It provides no mechanism yet for sending continuations. * actix-ws: Add continuation & size config to changelog * actix-ws: Add Debug, Eq to AggregatedMessage * actix-ws: Add a configurable maximum size to aggregated continuations * refactor: move aggregate types to own module * test: fix chat example * docs: update changelog --------- Co-authored-by: Rob Ede <[email protected]> * docs(ws): update readme * chore(actix-ws): prepare release 0.3.0 * chore(ws): remove unused dev dep * chore: expose generate_session_key * chore: fix import --------- Co-authored-by: Rob Ede <[email protected]> Co-authored-by: asonix <[email protected]>
actix · Jul 29, 2024 · d8a8675 · d8a8675
1 parent cac93d2
commit d8a8675
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 12 deletions.
diff --git a/actix-session/CHANGES.md b/actix-session/CHANGES.md
@@ -6,6 +6,7 @@
 - Rename `redis-rs-session` crate feature to `redis-session`.
 - Rename `redis-rs-tls-session` crate feature to `redis-session-native-tls`.
 - Remove `redis-actor-session` crate feature (and, therefore, the `actix-redis` based storage backend).
+- Expose `storage::generate_session_key()`.
 
 ## 0.9.0
 

diff --git a/actix-session/src/storage/mod.rs b/actix-session/src/storage/mod.rs
@@ -18,6 +18,8 @@ mod redis_rs;
 mod utils;
 
 #[cfg(feature = "cookie-session")]
-pub use cookie::CookieSessionStore;
+pub use self::cookie::CookieSessionStore;
 #[cfg(feature = "redis-session")]
-pub use redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+pub use self::redis_rs::{RedisSessionStore, RedisSessionStoreBuilder};
+#[cfg(feature = "redis-session")]
+pub use self::utils::generate_session_key;
diff --git a/actix-session/src/storage/utils.rs b/actix-session/src/storage/utils.rs
@@ -1,17 +1,13 @@
-use rand::{distributions::Alphanumeric, rngs::OsRng, Rng as _};
+use rand::distributions::{Alphanumeric, DistString as _};
 
 use crate::storage::SessionKey;
 
 /// Session key generation routine that follows [OWASP recommendations].
 ///
 /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
-pub(crate) fn generate_session_key() -> SessionKey {
-    let value = std::iter::repeat(())
-        .map(|()| OsRng.sample(Alphanumeric))
-        .take(64)
-        .collect::<Vec<_>>();
-
-    // These unwraps will never panic because pre-conditions are always verified
-    // (i.e. length and character set)
-    String::from_utf8(value).unwrap().try_into().unwrap()
+pub fn generate_session_key() -> SessionKey {
+    Alphanumeric
+        .sample_string(&mut rand::thread_rng(), 64)
+        .try_into()
+        .expect("generated string should be within size range for a session key")
 }