From 8f4806f1d46acd52a1d5ab925c5511cf779d7bf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?= Date: Thu, 14 Mar 2024 12:06:31 +0100 Subject: [PATCH] refactor: replace uniuri with custom code --- go.sum | 2 - ocis-pkg/generators/password.go | 30 ++++- .../pkg/config/defaults/defaultconfig.go | 5 +- vendor/github.com/dchest/uniuri/COPYING | 121 ------------------ vendor/github.com/dchest/uniuri/README.md | 95 -------------- vendor/github.com/dchest/uniuri/uniuri.go | 120 ----------------- vendor/modules.txt | 3 - 7 files changed, 32 insertions(+), 344 deletions(-) delete mode 100644 vendor/github.com/dchest/uniuri/COPYING delete mode 100644 vendor/github.com/dchest/uniuri/README.md delete mode 100644 vendor/github.com/dchest/uniuri/uniuri.go diff --git a/go.sum b/go.sum index 919a250a01..7bf4922cf0 100644 --- a/go.sum +++ b/go.sum @@ -1031,8 +1031,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g= -github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY= github.com/deckarep/golang-set v1.8.0 h1:sk9/l/KqpunDwP7pSjUg0keiOOLEnOBHzykLrsPppp4= github.com/deckarep/golang-set v1.8.0/go.mod h1:5nI87KwE7wgsBU1F4GKAw2Qod7p5kyS383rP6+o6qqo= github.com/deepmap/oapi-codegen v1.3.11/go.mod h1:suMvK7+rKlx3+tpa8ByptmvoXbAV70wERKTOGH3hLp0= diff --git a/ocis-pkg/generators/password.go b/ocis-pkg/generators/password.go index 3c2d571fa5..7083cc1805 100644 --- a/ocis-pkg/generators/password.go +++ b/ocis-pkg/generators/password.go 
@@ -5,8 +5,36 @@ import ( "math/big" ) +const ( + // PasswordChars contains alphanumeric chars (0-9, A-Z, a-z), plus "-=+!@#$%^&*." + PasswordChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-=+!@#$%^&*." + // AlphaNumChars contains alphanumeric chars (0-9, A-Z, a-z) + AlphaNumChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" +) + +// GenerateRandomPassword generates a random password with the given length. +// The password will contain chars picked from the `PasswordChars` constant. +// If an error happens, the string will be empty and the error will be non-nil. +// +// This is equivalent to `GenerateRandomString(PasswordChars, length)` func GenerateRandomPassword(length int) (string, error) { - const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-=+!@#$%^&*." + return generateString(PasswordChars, length) +} + +// GenerateRandomString generates a random string with the given length +// based on the chars provided. You can use `PasswordChars` or `AlphaNumChars` +// constants, or even any other string. +// +// Chars from the provided string will be picked uniformly. The provided +// constants have unique chars, which means that all the chars will have the +// same probability of being picked. +// You can use your own strings to change that probability. For example, using +// "AAAB" you'll have a 75% of probability of getting "A" and 25% of "B" +func GenerateRandomString(chars string, length int) (string, error) { + return generateString(chars, length) +} + +func generateString(chars string, length int) (string, error) { ret := make([]byte, length) for i := 0; i < length; i++ { num, err := rand.Int(rand.Reader, big.NewInt(int64(len(chars)))) diff --git a/services/collaboration/pkg/config/defaults/defaultconfig.go b/services/collaboration/pkg/config/defaults/defaultconfig.go index 05cfe38933..872b05e5af 100644 --- a/services/collaboration/pkg/config/defaults/defaultconfig.go 
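Review bot: `generateString` now backs the exported `GenerateRandomString`, which accepts a caller-supplied charset, yet the visible lines call `make([]byte, length)` and `big.NewInt(int64(len(chars)))` without validating either argument. crypto/rand's `rand.Int` panics when its max is <= 0, so an empty `chars` panics, and so does a negative `length`, even though the signature promises an error. A guard at the top such as `if len(chars) == 0 || length < 0 { return "", errors.New("generators: empty charset or negative length") }` keeps the failure on the error path; it needs `errors` in the import block, which is only partly visible here. `len(chars)` is also a byte count, and the rest of the body lies outside the hunk, so if the index into `chars` is by byte, a charset with multi-byte UTF-8 characters would be sampled per byte. The doc comment's "or even any other string" should therefore be narrowed to single-byte (ASCII) charsets, and it should note that a charset with few distinct characters lowers the entropy of each output character.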
+++ b/services/collaboration/pkg/config/defaults/defaultconfig.go @@ -1,7 +1,7 @@ package defaults import ( - "github.com/dchest/uniuri" + "github.com/owncloud/ocis/v2/ocis-pkg/generators" "github.com/owncloud/ocis/v2/services/collaboration/pkg/config" ) @@ -15,6 +15,7 @@ func FullDefaultConfig() *config.Config { // DefaultConfig returns a basic default configuration func DefaultConfig() *config.Config { + secret, _ := generators.GenerateRandomString(generators.AlphaNumChars, 32) // anything to do with the error? return &config.Config{ Service: config.Service{ Name: "collaboration", @@ -25,7 +26,7 @@ func DefaultConfig() *config.Config { Icon: "image-edit", LockName: "com.github.owncloud.collaboration", }, - JWTSecret: uniuri.NewLen(32), + JWTSecret: secret, GRPC: config.GRPC{ Addr: "0.0.0.0:9301", Namespace: "com.owncloud.collaboration", diff --git a/vendor/github.com/dchest/uniuri/COPYING b/vendor/github.com/dchest/uniuri/COPYING deleted file mode 100644 index 0e259d42c9..0000000000 --- a/vendor/github.com/dchest/uniuri/COPYING +++ /dev/null 
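Review bot: The added line `secret, _ := generators.GenerateRandomString(generators.AlphaNumChars, 32)` discards the error, and by the generator's own doc comment the string is empty when an error occurs, so a failed read from the random source would silently leave `JWTSecret` as "". The removed `uniuri.NewLen(32)` panicked in that case (per the README deleted in this patch), so the refactor turns a fail-closed default into a fail-open one for a signing secret. Because `DefaultConfig` returns only `*config.Config`, the simplest way to keep the old behaviour is `if err != nil { panic("collaboration: generating default JWT secret: " + err.Error()) }` right after the call. Alternatively, make sure config validation rejects an empty `JWTSecret`; that validation is not visible in this diff. `DefaultConfig`'s body continues outside the hunk.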
@@ -1,121 +0,0 @@ -Creative Commons Legal Code - -CC0 1.0 Universal - - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE - LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN - ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS - INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES - REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS - PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM - THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED - HEREUNDER. - -Statement of Purpose - -The laws of most jurisdictions throughout the world automatically confer -exclusive Copyright and Related Rights (defined below) upon the creator -and subsequent owner(s) (each and all, an "owner") of an original work of -authorship and/or a database (each, a "Work"). - -Certain owners wish to permanently relinquish those rights to a Work for -the purpose of contributing to a commons of creative, cultural and -scientific works ("Commons") that the public can reliably and without fear -of later claims of infringement build upon, modify, incorporate in other -works, reuse and redistribute as freely as possible in any form whatsoever -and for any purposes, including without limitation commercial purposes. -These owners may contribute to the Commons to promote the ideal of a free -culture and the further production of creative, cultural and scientific -works, or to gain reputation or greater distribution for their Work in -part through the use and efforts of others. 
- -For these and/or other purposes and motivations, and without any -expectation of additional consideration or compensation, the person -associating CC0 with a Work (the "Affirmer"), to the extent that he or she -is an owner of Copyright and Related Rights in the Work, voluntarily -elects to apply CC0 to the Work and publicly distribute the Work under its -terms, with knowledge of his or her Copyright and Related Rights in the -Work and the meaning and intended legal effect of CC0 on those rights. - -1. Copyright and Related Rights. A Work made available under CC0 may be -protected by copyright and related or neighboring rights ("Copyright and -Related Rights"). Copyright and Related Rights include, but are not -limited to, the following: - - i. the right to reproduce, adapt, distribute, perform, display, - communicate, and translate a Work; - ii. moral rights retained by the original author(s) and/or performer(s); -iii. publicity and privacy rights pertaining to a person's image or - likeness depicted in a Work; - iv. rights protecting against unfair competition in regards to a Work, - subject to the limitations in paragraph 4(a), below; - v. rights protecting the extraction, dissemination, use and reuse of data - in a Work; - vi. database rights (such as those arising under Directive 96/9/EC of the - European Parliament and of the Council of 11 March 1996 on the legal - protection of databases, and under any national implementation - thereof, including any amended or successor version of such - directive); and -vii. other similar, equivalent or corresponding rights throughout the - world based on applicable law or treaty, and any national - implementations thereof. - -2. Waiver. 
To the greatest extent permitted by, but not in contravention -of, applicable law, Affirmer hereby overtly, fully, permanently, -irrevocably and unconditionally waives, abandons, and surrenders all of -Affirmer's Copyright and Related Rights and associated claims and causes -of action, whether now known or unknown (including existing as well as -future claims and causes of action), in the Work (i) in all territories -worldwide, (ii) for the maximum duration provided by applicable law or -treaty (including future time extensions), (iii) in any current or future -medium and for any number of copies, and (iv) for any purpose whatsoever, -including without limitation commercial, advertising or promotional -purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each -member of the public at large and to the detriment of Affirmer's heirs and -successors, fully intending that such Waiver shall not be subject to -revocation, rescission, cancellation, termination, or any other legal or -equitable action to disrupt the quiet enjoyment of the Work by the public -as contemplated by Affirmer's express Statement of Purpose. - -3. Public License Fallback. Should any part of the Waiver for any reason -be judged legally invalid or ineffective under applicable law, then the -Waiver shall be preserved to the maximum extent permitted taking into -account Affirmer's express Statement of Purpose. 
In addition, to the -extent the Waiver is so judged Affirmer hereby grants to each affected -person a royalty-free, non transferable, non sublicensable, non exclusive, -irrevocable and unconditional license to exercise Affirmer's Copyright and -Related Rights in the Work (i) in all territories worldwide, (ii) for the -maximum duration provided by applicable law or treaty (including future -time extensions), (iii) in any current or future medium and for any number -of copies, and (iv) for any purpose whatsoever, including without -limitation commercial, advertising or promotional purposes (the -"License"). The License shall be deemed effective as of the date CC0 was -applied by Affirmer to the Work. Should any part of the License for any -reason be judged legally invalid or ineffective under applicable law, such -partial invalidity or ineffectiveness shall not invalidate the remainder -of the License, and in such case Affirmer hereby affirms that he or she -will not (i) exercise any of his or her remaining Copyright and Related -Rights in the Work or (ii) assert any associated claims and causes of -action with respect to the Work, in either case contrary to Affirmer's -express Statement of Purpose. - -4. Limitations and Disclaimers. - - a. No trademark or patent rights held by Affirmer are waived, abandoned, - surrendered, licensed or otherwise affected by this document. - b. Affirmer offers the Work as-is and makes no representations or - warranties of any kind concerning the Work, express, implied, - statutory or otherwise, including without limitation warranties of - title, merchantability, fitness for a particular purpose, non - infringement, or the absence of latent or other defects, accuracy, or - the present or absence of errors, whether or not discoverable, all to - the greatest extent permissible under applicable law. - c. 
Affirmer disclaims responsibility for clearing rights of other persons - that may apply to the Work or any use thereof, including without - limitation any person's Copyright and Related Rights in the Work. - Further, Affirmer disclaims responsibility for obtaining any necessary - consents, permissions or other rights required for any use of the - Work. - d. Affirmer understands and acknowledges that Creative Commons is not a - party to this document and has no duty or obligation with respect to - this CC0 or use of the Work. diff --git a/vendor/github.com/dchest/uniuri/README.md b/vendor/github.com/dchest/uniuri/README.md deleted file mode 100644 index 6240bc9bae..0000000000 --- a/vendor/github.com/dchest/uniuri/README.md +++ /dev/null 
@@ -1,95 +0,0 @@ -Package uniuri -===================== - -```go -import "github.com/dchest/uniuri" -``` - -Package uniuri generates random strings good for use in URIs to identify -unique objects. - -Example usage: - -```go -s := uniuri.New() // s is now "apHCJBl7L1OmC57n" -``` - -A standard string created by New() is 16 bytes in length and consists of -Latin upper and lowercase letters, and numbers (from the set of 62 allowed -characters), which means that it has ~95 bits of entropy. To get more -entropy, you can use NewLen(UUIDLen), which returns 20-byte string, giving -~119 bits of entropy, or any other desired length. - -Functions read from crypto/rand random source, and panic if they fail to -read from it. - - -Constants ---------- - -```go -const ( - // StdLen is a standard length of uniuri string to achive ~95 bits of entropy. - StdLen = 16 - // UUIDLen is a length of uniuri string to achive ~119 bits of entropy, closest - // to what can be losslessly converted to UUIDv4 (122 bits). - UUIDLen = 20 -) - -``` - - - -Variables ---------- - -```go -var StdChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") -``` - - -StdChars is a set of standard characters allowed in uniuri string. - - -Functions ---------- - -### func New - -```go -func New() string -``` - -New returns a new random string of the standard length, consisting of -standard characters. - -### func NewLen - -```go -func NewLen(length int) string -``` - -NewLen returns a new random string of the provided length, consisting of -standard characters. - -### func NewLenChars - -```go -func NewLenChars(length int, chars []byte) string -``` - -NewLenChars returns a new random string of the provided length, consisting -of the provided byte slice of allowed characters (maximum 256). 
- - - -Public domain dedication ------------------------- - -Written in 2011-2014 by Dmitry Chestnykh - -The author(s) have dedicated all copyright and related and -neighboring rights to this software to the public domain -worldwide. Distributed without any warranty. -http://creativecommons.org/publicdomain/zero/1.0/ - diff --git a/vendor/github.com/dchest/uniuri/uniuri.go b/vendor/github.com/dchest/uniuri/uniuri.go deleted file mode 100644 index dd96592120..0000000000 --- a/vendor/github.com/dchest/uniuri/uniuri.go +++ /dev/null 
@@ -1,120 +0,0 @@ -// Written in 2011-2014 by Dmitry Chestnykh -// -// The author(s) have dedicated all copyright and related and -// neighboring rights to this software to the public domain -// worldwide. Distributed without any warranty. -// http://creativecommons.org/publicdomain/zero/1.0/ - -// Package uniuri generates random strings good for use in URIs to identify -// unique objects. -// -// Example usage: -// -// s := uniuri.New() // s is now "apHCJBl7L1OmC57n" -// -// A standard string created by New() is 16 bytes in length and consists of -// Latin upper and lowercase letters, and numbers (from the set of 62 allowed -// characters), which means that it has ~95 bits of entropy. To get more -// entropy, you can use NewLen(UUIDLen), which returns 20-byte string, giving -// ~119 bits of entropy, or any other desired length. -// -// Functions read from crypto/rand random source, and panic if they fail to -// read from it. -package uniuri - -import ( - "crypto/rand" - "math" -) - -const ( - // StdLen is a standard length of uniuri string to achive ~95 bits of entropy. - StdLen = 16 - // UUIDLen is a length of uniuri string to achive ~119 bits of entropy, closest - // to what can be losslessly converted to UUIDv4 (122 bits). - UUIDLen = 20 -) - -// StdChars is a set of standard characters allowed in uniuri string. -var StdChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") - -// New returns a new random string of the standard length, consisting of -// standard characters. -func New() string { - return NewLenChars(StdLen, StdChars) -} - -// NewLen returns a new random string of the provided length, consisting of -// standard characters. -func NewLen(length int) string { - return NewLenChars(length, StdChars) -} - -// maxBufLen is the maximum length of a temporary buffer for random bytes. 
-const maxBufLen = 2048 - -// minRegenBufLen is the minimum length of temporary buffer for random bytes -// to fill after the first rand.Read request didn't produce the full result. -// If the initial buffer is smaller, this value is ignored. -// Rationale: for performance, assume it's pointless to request fewer bytes from rand.Read. -const minRegenBufLen = 16 - -// estimatedBufLen returns the estimated number of random bytes to request -// given that byte values greater than maxByte will be rejected. -func estimatedBufLen(need, maxByte int) int { - return int(math.Ceil(float64(need) * (255 / float64(maxByte)))) -} - -// NewLenCharsBytes returns a new random byte slice of the provided length, consisting -// of the provided byte slice of allowed characters (maximum 256). -func NewLenCharsBytes(length int, chars []byte) []byte { - if length == 0 { - return nil - } - clen := len(chars) - if clen < 2 || clen > 256 { - panic("uniuri: wrong charset length for NewLenChars") - } - maxrb := 255 - (256 % clen) - buflen := estimatedBufLen(length, maxrb) - if buflen < length { - buflen = length - } - if buflen > maxBufLen { - buflen = maxBufLen - } - buf := make([]byte, buflen) // storage for random bytes - out := make([]byte, length) // storage for result - i := 0 - for { - if _, err := rand.Read(buf[:buflen]); err != nil { - panic("uniuri: error reading random bytes: " + err.Error()) - } - for _, rb := range buf[:buflen] { - c := int(rb) - if c > maxrb { - // Skip this number to avoid modulo bias. - continue - } - out[i] = chars[c%clen] - i++ - if i == length { - return out - } - } - // Adjust new requested length, but no smaller than minRegenBufLen. 
- buflen = estimatedBufLen(length-i, maxrb) - if buflen < minRegenBufLen && minRegenBufLen < cap(buf) { - buflen = minRegenBufLen - } - if buflen > maxBufLen { - buflen = maxBufLen - } - } -} - -// NewLenChars returns a new random string of the provided length, consisting -// of the provided byte slice of allowed characters (maximum 256). -func NewLenChars(length int, chars []byte) string { - return string(NewLenCharsBytes(length, chars)) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 235ef5a61a..06e891fc77 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -737,9 +737,6 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit github.com/davecgh/go-spew/spew -# github.com/dchest/uniuri v1.2.0 -## explicit; go 1.19 -github.com/dchest/uniuri # github.com/deckarep/golang-set v1.8.0 ## explicit; go 1.17 github.com/deckarep/golang-set