bungle
August 15, 2019, 10:15am
2
Basically we just call this:
local char = string.char
local rand = math.random
local encode_base64 = ngx.encode_base64
-- generate a random-looking string by retrieving a chunk of bytes and
-- replacing non-alphanumeric characters with random alphanumeric replacements
-- (we dont care about deriving these bytes securely)
-- this serves to attempt to maintain some backward compatibility with the
-- previous implementation (stripping a UUID of its hyphens), while significantly
-- expanding the size of the keyspace.
local function random_string()
-- get 24 bytes, which will return a 32 char string after encoding
-- this is done in attempt to maintain backwards compatibility as
-- much as possible while improving the strength of this function
return encode_base64(get_rand_bytes(24, true))
:gsub("/", char(rand(48, 57))) -- 0 - 10
:gsub("+", char(rand(65, 90))) -- A - Z
:gsub("=", char(rand(97, 122))) -- a - z
end
_M.random_string = random_string
When we do process_auto_fields:
Which we call on DAO insert
:
if has_errors then
local err_t = self.errors:foreign_keys_unresolved(errors)
return nil, tostring(err_t), err_t
end
return true
end
local function check_insert(self, entity, options)
local entity_to_insert, err = self.schema:process_auto_fields(entity, "insert")
if not entity_to_insert then
local err_t = self.errors:schema_violation(err)
return nil, tostring(err_t), err_t
end
local ok, err, err_t = resolve_foreign(self, entity_to_insert)
if not ok then
return nil, err, err_t
end
end
function DAO:insert(entity, options)
validate_entity_type(entity)
if options ~= nil then
validate_options_type(options)
end
local entity_to_insert, err, err_t = check_insert(self, entity, options)
if not entity_to_insert then
return nil, err, err_t
end
local row, err_t = self.strategy:insert(entity_to_insert, options)
if not row then
return nil, tostring(err_t), err_t
end
row, err, err_t = self:row_to_entity(row, options)
Perhaps you can automatically generate the key yourself using the kong.tools.utils.random_string()
and put that to self.args.post.key
in case the request does not contain key
?