From 98106ec74f4d35d9d47e689962218cd0f4665b5f Mon Sep 17 00:00:00 2001
From: mutantmonkey <mutantmonkey@mutantmonkey.in>
Date: Thu, 1 Oct 2015 22:09:40 -0700
Subject: [PATCH] use better random for URLs and delete keys

Using a PRNG seeded based on only the time for these is a bad idea as
the output is predictable. Instead, use a package that generates random
strings using go's crypo/rand package to provide cryptographically
secure random URLs and delete keys.
---
 upload.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/upload.go b/upload.go
index a49812a..edc4742 100644
--- a/upload.go
+++ b/upload.go
@@ -16,6 +16,7 @@ import (
 	"strings"
 
 	"bitbucket.org/taruti/mimemagic"
+	"github.com/dchest/uniuri"
 	"github.com/zenazn/goji/web"
 )
 
@@ -219,7 +220,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
 
 	// If no delete key specified, pick a random one.
 	if upReq.deletionKey == "" {
-		upload.DeleteKey = randomString(30)
+		upload.DeleteKey = uniuri.NewLen(30)
 	} else {
 		upload.DeleteKey = upReq.deletionKey
 	}
@@ -240,7 +241,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
 }
 
 func generateBarename() string {
-	return randomString(8)
+	return uniuri.NewLenChars(8, []byte("abcdefghijklmnopqrstuvwxyz0123456789"))
 }
 
 func generateJSONresponse(upload Upload) []byte {