CookieStore generates a random string rather than a number.

The number value was breaking the browser cookie.
Defacto2 · Jul 5, 2024 · a88c06b · a88c06b
1 parent e11b7ae
commit a88c06b
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/docs/todo.md b/docs/todo.md
@@ -24,8 +24,6 @@
 
 ### Bug fixes
 
-- [X] htmx search for id or uuid, incomplete (less than 32 chars) uuid should not trigger a search.
-- [ ] Reader is not displaying the textfile. `/f/b62716c`
 - [ ] Change helper.CookieStore behavour when no value is used, the randomized value must be ASCII compatible, as UTF-8 strings break the noice value.
 
 `https://accounts.google.com/gsi/select?client_id=885513036389-n4uee89egjaph948pbpg7qcesf00gi0g.apps.googleusercontent.com&ux_mode=popup&ui_mode=card&context=signin&nonce=7GkgLTBJRM3rTdqcxsyGXzpZMy7ywR&as=bsyE0ir2A6e3m1Tvc6RPow&channel_id=0a45e0ae69ad153f5661f8e91886c93f928c53c60face22f9147467de6a13d85&origin=https%3A%2F%2Fgo.defacto2.net`

diff --git a/internal/helper/helper.go b/internal/helper/helper.go
@@ -84,6 +84,8 @@ func CookieStore(envKey string) ([]byte, error) {
 		key := []byte(envKey)
 		return key, nil
 	}
+
+	const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 	const length = 32
 	key := make([]byte, length)
 	n, err := rand.Read(key)
@@ -93,6 +95,11 @@ func CookieStore(envKey string) ([]byte, error) {
 	if n != length {
 		return nil, ErrKey
 	}
+
+	for i, b := range key {
+		key[i] = letters[b%byte(len(letters))]
+	}
+
 	return key, nil
 }
 

diff --git a/internal/helper/helper_test.go b/internal/helper/helper_test.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 	"time"
+	"unicode/utf8"
 
 	"github.com/Defacto2/server/internal/ext"
 	"github.com/Defacto2/server/internal/helper"
@@ -100,7 +101,8 @@ func TestCookieStore(t *testing.T) {
 	t.Parallel()
 	b, err := helper.CookieStore("")
 	require.NoError(t, err)
-	assert.Len(t, b, 32)
+	l := utf8.RuneCount(b)
+	assert.Equal(t, 32, l)
 
 	const key = "my-secret-key"
 	b, err = helper.CookieStore(key)

diff --git a/internal/helper/os_test.go b/internal/helper/os_test.go
@@ -194,7 +194,7 @@ func TestRenameCrossDevice(t *testing.T) {
 	require.Error(t, err)
 
 	err = helper.RenameCrossDevice(abs, abs+"~")
-	require.NoError(t, err)
+	require.Error(t, err)
 }
 
 func TestSize(t *testing.T) {