Properly generate secret_token

7 years ago · 8703a32111
parent 4aa9ba8f90
commit 8703a32111
2 changed files with 26 additions and 4 deletions
--- a/lib/asciinema/asciicasts.ex
+++ b/lib/asciinema/asciicasts.ex
@ -2,10 +2,12 @@ defmodule Asciinema.Asciicasts do
  alias Asciinema.{Repo, Asciicast, FileStore}

  def create_asciicast(user, %Plug.Upload{path: path, filename: filename} = upload) do
+    asciicast = %Asciicast{user_id: user.id, file: filename}
+
    with {:ok, json} <- File.read(path),
         {:ok, attrs} <- Poison.decode(json),
         {:ok, attrs} <- extract_attrs(attrs),
-         changeset = Asciicast.changeset(%Asciicast{user_id: user.id, file: filename}, attrs),
+         changeset = Asciicast.create_changeset(asciicast, attrs),
         {:ok, %Asciicast{} = asciicast} <- Repo.insert(changeset) do
      put_file(asciicast, upload)
      {:ok, asciicast}
@ -17,7 +19,7 @@ defmodule Asciinema.Asciicasts do
              duration: attrs["duration"],
              terminal_columns: attrs["width"],
              terminal_lines: attrs["height"],
-              secret_token: "v3ry-sekr1t"} # TODO: move to changeset
+              title: attrs["title"]}
    {:ok, attrs}
  end

--- a/web/models/asciicast.ex
+++ b/web/models/asciicast.ex
@ -17,6 +17,7 @@ defmodule Asciinema.Asciicast do
    field :private, :boolean
    field :secret_token, :string
    field :duration, :float
+    field :title, :string
    field :theme_name, :string
    field :snapshot_at, :float

@ -25,12 +26,31 @@ defmodule Asciinema.Asciicast do
    belongs_to :user, User
  end

-  def changeset(struct, params \\ %{}) do
+  def changeset(struct, attrs \\ %{}) do
    struct
-    |> cast(params, [:user_id, :version, :file, :duration, :terminal_columns, :terminal_lines, :secret_token])
+    |> cast(attrs, [:title])
+  end
+
+  def create_changeset(struct, attrs) do
+    struct
+    |> changeset(attrs)
+    |> cast(attrs, [:user_id, :version, :file, :duration, :terminal_columns, :terminal_lines])
+    |> generate_secret_token
    |> validate_required([:user_id, :version, :duration, :terminal_columns, :terminal_lines, :secret_token])
  end

+  defp generate_secret_token(changeset) do
+    put_change(changeset, :secret_token, random_token(25))
+  end
+
+  defp random_token(length) do
+    length
+    |> :crypto.strong_rand_bytes
+    |> Base.url_encode64
+    |> String.replace(~r/[_=-]/, "")
+    |> binary_part(0, length)
+  end
+
  def by_id_or_secret_token(thing) do
    if String.length(thing) == 25 do
      from a in __MODULE__, where: a.secret_token == ^thing