Generating a random number is now less insane.

Fixes issue #44
karai17 · Nov 30, 2016 · 157d9e1 · 157d9e1
1 parent 5fa7336
commit 157d9e1
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 17 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,3 @@ static/b
 *_temp
 *.compiled
 _config.lua
-_install.lua
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ To view a complete list of features, check out the [Feature Set](https://docs.go
 
 * ffmpeg
 * libmagicwand-dev
-* Lua 5.1+ or LuaJIT 2.0+
+* LuaJIT 2.0+
 * Luarocks
 * PostgreSQL or MySQL (untested)
 

diff --git a/controllers/config_site.lua b/controllers/config_site.lua
@@ -5,7 +5,7 @@ local lfs    = require "lfs"
 return function(self)
 	-- Set basic information
 	self.software  = "Lapis-chan"
-	self.version   = "1.2.4"
+	self.version   = "1.2.5"
 	self.site_name = config.site_name
 	self.text_size = _G.text_size
 

diff --git a/models/posts.lua b/models/posts.lua
@@ -8,7 +8,6 @@ local filetypes = require "utils.file_whitelist"
 local generate  = require "utils.generate"
 local Posts     = Model:extend("posts")
 local sf        = string.format
-local ss        = string.sub
 
 --- Prepare post for insertion
 -- @tparam table params Input from the user
@@ -22,7 +21,7 @@ function Posts:prepare_post(params, session, board, thread, files)
 	local time = os.time()
 
 	-- Prepare session stuff
-	session.password = session.password or generate.password(time, session)
+	session.password = session.password or generate.password(time)
 
 	-- Trim white space
 	trim(params, {
@@ -95,7 +94,7 @@ function Posts:prepare_post(params, session, board, thread, files)
 			end
 		end
 
-		local name = sf("%s%s", time, ss(generate.random(time, params), -3))
+		local name = sf("%s%s", time, generate.random())
 		local ext  = params.file.filename:match("^.+(%..+)$")
 		ext = string.lower(ext)
 

diff --git a/utils/generate.lua b/utils/generate.lua
@@ -1,13 +1,12 @@
 local encoding = require "lapis.util.encoding"
 local sha256   = require "resty.sha256"
+local ffi      = require "ffi"
 local posix    = require "posix"
 local salt     = require "secrets.salt"
 local token    = require "secrets.token"
 local bcrypt   = require "bcrypt"
 local sf       = string.format
 local ss       = string.sub
-local tn       = tonumber
-local ts       = tostring
 
 local function get_chunks(str)
 	-- Secure trip
@@ -28,19 +27,25 @@ end
 
 local generate = {}
 
--- Generate a 6char pseudo random number using a supplied timestamp and the
--- memory location of a supplied table because math.random isn't reliable for
--- this use case.
--- HACK: If you have a better idea, send a PR. I hate this as much as you do.
-function generate.random(time, t)
-	return sf("%s%s", time, tn("0x" .. ss(ts(t), -6)))
-	--return tn(ts(t):match("0x(.+)"), 16) -- bartbes thinks this might be better
+-- math.random isn't reliable for this use case, so instead we're gonna snag
+-- some bytes from /dev/urandom, create a uint32, and grab the last 3 digits.
+function generate.random()
+	-- Read uint32_t from /dev/urandom
+	local r = io.open("/dev/urandom", "rb")
+	local bytes = r:read(4)
+	r:close()
+
+	-- Build number
+	local num = ffi.new("unsigned int[1]")
+	ffi.copy(num, bytes, 4)
+
+	return sf("%03d", num[0] % 1000)
 end
 
 -- Generate an insecure password
-function generate.password(time, t)
+function generate.password(time)
 	local hasher = sha256:new()
-	hasher:update(generate.random(time, t))
+	hasher:update(sf("%s%s", time, generate.random()))
 	return encoding.encode_base64(hasher:final())
 end