From 96797fed311151ff889f87c94c7b6aaa16c5d535 Mon Sep 17 00:00:00 2001
From: Gusted
Date: Mon, 2 Jan 2023 22:46:39 +0100
Subject: Unify hashing for avatar (#22289)
- Unify the hashing code for repository and user avatars into a function.
- Use a sane hash function instead of MD5.
- Only require hashing once instead of twice(w.r.t. hashing for user avatar).
- Improve the comment for the hashing code of why it works.
Co-authored-by: Lunny Xiao
Co-authored-by: Yarden Shoham
---
modules/avatar/hash.go | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 modules/avatar/hash.go
(limited to 'modules')
diff --git a/modules/avatar/hash.go b/modules/avatar/hash.go
new file mode 100644
index 0000000000..50db9c1943
--- /dev/null
+++ b/modules/avatar/hash.go
@@ -0,0 +1,28 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package avatar
+
+import (
+ "crypto/sha256"
+ "encoding/hex"
+ "strconv"
+)
+
+// HashAvatar will generate a unique string, which ensures that when there's a
+// different unique ID while the data is the same, it will generate a different
+// output. It will generate the output according to:
+// HEX(HASH(uniqueID || - || data))
+// The hash being used is SHA256.
+// The sole purpose of the unique ID is to generate a distinct hash Such that
+// two unique IDs with the same data will have a different hash output.
+// The "-" byte is important to ensure that data cannot be modified such that
+// the first byte is a number, which could lead to a "collision" with the hash
+// of another unique ID.
+func HashAvatar(uniqueID int64, data []byte) string {
+ h := sha256.New()
+ h.Write([]byte(strconv.FormatInt(uniqueID, 10)))
+ h.Write([]byte{'-'})
+ h.Write(data)
+ return hex.EncodeToString(h.Sum(nil))
+}
--
cgit v1.2.3
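Review bot: The doc comment on HashAvatar promises a "unique string", but the body is a plain unkeyed SHA-256 over the decimal ID, a '-' byte and the data, so the result is deterministic and can be recomputed by anyone who has the ID and the image bytes. I would state that in the comment, for example `// The result is a content-derived name, not a secret: it is collision-resistant but unkeyed, so do not rely on it being unguessable or use it as an integrity tag.` How callers use the value is outside this patch, so this is a documentation request rather than a reported flaw. The separator paragraph could also say that the argument relies on `strconv.FormatInt(uniqueID, 10)` emitting only an optional sign and digits, which is what makes the first '-' after the digits an unambiguous boundary. Two smaller fixes in the same comment: indent the `HEX(HASH(uniqueID || - || data))` line so godoc renders it as a code block, and lowercase "Such" in "hash Such that".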