From 3331c96c06072dce15521e06b59f66d640943878 Mon Sep 17 00:00:00 2001
From: mkelvers
Date: Tue, 26 May 2026 15:56:49 +0200
Subject: [PATCH] fix: propagate rand.Read error in token generation
---
 internal/auth/service/service.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/internal/auth/service/service.go b/internal/auth/service/service.go
index 94d5354..f04caae 100644
--- a/internal/auth/service/service.go
+++ b/internal/auth/service/service.go
@@ -7,6 +7,7 @@ import (
 "encoding/base64"
 "encoding/hex"
 "errors"
+ "fmt"
 "mal/internal/domain"
 "strings"
 "time"
@@ -58,7 +59,10 @@ func (s *authService) LoginForAPIToken(ctx context.Context, username, password,
 trimmedName = "Firefox extension"
 }
- rawToken, tokenHash := newOpaqueToken()
+ rawToken, tokenHash, err := newOpaqueToken()
+ if err != nil {
+ return "", nil, err
+ }
 if _, err := s.repo.CreateAPIToken(ctx, user.ID, tokenHash, trimmedName); err != nil {
 return "", nil, err
 }
@@ -123,12 +127,14 @@ func (s *authService) RevokeAllAPITokensForUser(ctx context.Context, userID stri
 return s.repo.RevokeAllAPITokensForUser(ctx, userID)
 }
-func newOpaqueToken() (token string, tokenHash string) {
+func newOpaqueToken() (token string, tokenHash string, err error) {
 buf := make([]byte, 32)
- _, _ = rand.Read(buf)
+ if _, err := rand.Read(buf); err != nil {
+ return "", "", fmt.Errorf("generate token bytes: %w", err)
+ }
 token = base64.RawURLEncoding.EncodeToString(buf)
 sum := sha256.Sum256([]byte(token))
 tokenHash = hex.EncodeToString(sum[:])
- return token, tokenHash
+ return token, tokenHash, nil
 }
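Review bot: The new early return in LoginForAPIToken (hunk -58,7 +59,10) passes a token-generation failure out through the same error result callers receive for the repository failure just below it, and nothing visible marks it as an internal fault. It is worth confirming that the handler turns it into a server error rather than an authentication failure, and that the wrapped text `generate token bytes: …` is logged instead of being returned in the response body. A short comment above the check, such as `// RNG failure is an internal error, not a login failure`, would record that intent. The function begins and ends outside this hunk, so the caller-side handling cannot be checked from here.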
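Review bot: In newOpaqueToken (hunk -123,12 +127,14) the statement `if _, err := rand.Read(buf); err != nil {` declares a second `err` that shadows the newly named result; it works only because every return is explicit, and shadow linters will flag it. Either drop the result names or rename the inner variable, e.g. `if _, rerr := rand.Read(buf); rerr != nil {` with `return "", "", fmt.Errorf("generate token bytes: %w", rerr)`. The import that binds `rand` lies above the first hunk; because this value is a bearer credential, confirm it is `crypto/rand` and not `math/rand`. On Go 1.24 and later `crypto/rand.Read` is documented never to return an error, so the new branch is purely defensive there but still meaningful on older toolchains.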