mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-30 13:56:09 +01:00
96797fed31
- Unify the hashing code for repository and user avatars into a function. - Use a sane hash function instead of MD5. - Only require hashing once instead of twice(w.r.t. hashing for user avatar). - Improve the comment for the hashing code of why it works. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
29 lines
978 B
Go
29 lines
978 B
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package avatar
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"strconv"
|
|
)
|
|
|
|
// HashAvatar will generate a unique string, which ensures that when there's a
|
|
// different unique ID while the data is the same, it will generate a different
|
|
// output. It will generate the output according to:
|
|
// HEX(HASH(uniqueID || - || data))
|
|
// The hash being used is SHA256.
|
|
// The sole purpose of the unique ID is to generate a distinct hash Such that
|
|
// two unique IDs with the same data will have a different hash output.
|
|
// The "-" byte is important to ensure that data cannot be modified such that
|
|
// the first byte is a number, which could lead to a "collision" with the hash
|
|
// of another unique ID.
|
|
func HashAvatar(uniqueID int64, data []byte) string {
|
|
h := sha256.New()
|
|
h.Write([]byte(strconv.FormatInt(uniqueID, 10)))
|
|
h.Write([]byte{'-'})
|
|
h.Write(data)
|
|
return hex.EncodeToString(h.Sum(nil))
|
|
}
|