-
Notifications
You must be signed in to change notification settings - Fork 582
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add cryptorand package for random string and number generation #32
Conversation
This package is taken from the monorepo, and was renamed from crand for improved clarity. It will be used for API key generation.
Codecov Report
@@ Coverage Diff @@
## main #32 +/- ##
==========================================
- Coverage 71.01% 69.44% -1.57%
==========================================
Files 18 40 +22
Lines 138 1630 +1492
Branches 7 7
==========================================
+ Hits 98 1132 +1034
- Misses 36 394 +358
- Partials 4 104 +100
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for splitting this out!
cryptorand/must.go
Outdated
@@ -0,0 +1,11 @@ | |||
package cryptorand |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assuming this is brought in mostly unchanged (aside from the name-change). Thanks for making the name clearer btw
There is little precedence of functions leading with Must being idiomatic in Go code. Ignoring errors in favor of a panic is dangerous in highly-reliable code.
// random Int63 data. | ||
|
||
// Int64 returns a non-negative random 63-bit integer as a int64. | ||
func Int63() (int64, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW, the Must*
helpers are useful because I don't think rand.Reader
can actually fail since it uses urandom https://pkg.go.dev/crypto/rand#pkg-variables
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could maybe simplify by removing the non-must variants and just panicing instead
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This package could be used on Mac and Windows too, where the guarantee of entropy isn't there!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess both are useful, since we don't care if tests panic/fail, but production code should check errors 🤷♂️
This package is taken from the monorepo, and was renamed from crand
for improved clarity. It will be used for API key generation.