feat: add GenerateSecureToken and SecureToken (256-bit default) #165

sixcolors · 2025-12-02T21:04:31Z

Summary

This PR introduces a safer, flexible secure token API for Fiber, following the established google/uuid library pattern:

SecureToken() string — base case (panics on crypto failures, like uuid.New()).
SecureTokenRandom() (string, error) — error-returning variant for explicit handling.
GenerateSecureToken(length int) (string, error) — primary API with custom length.
GenerateSecureTokenMust(length int) string — convenience wrapper that panics.

Why

Security First: 32 bytes (256 bits) entropy, URL-safe base64, crypto/rand based.
Fail-Fast: No silent fallback to weaker security (unlike UUIDv4).
API Consistency: Follows google/uuid pattern (panic as base case).
Migration Ready: Drop-in replacement for Fiber middleware (currently uses UUIDv4()).

Key changes

Added SecureToken() as panic-on-failure base case (like uuid.New()).
Added SecureTokenRandom() for error-handling use cases.
Kept GenerateSecureToken* functions for advanced usage.
UUIDv4() remains for backward compatibility.

Safety & behavior

crypto/rand failures cause panics in base APIs (extremely rare but critical).
Random variants allow explicit error handling for library authors.
Migration from UUIDv4() to SecureToken() is seamless (both never fail in practice).

Checklist

Tests pass
Benchmarks added
API follows google/uuid pattern
Branch pushed: feat/secure-token-replace-uuidv4

Summary by CodeRabbit

New Features
- Added cryptographically secure token generation functionality with customizable length and convenient default options.
Tests
- Added comprehensive test coverage for token generation, including concurrency, error handling, and performance benchmarks.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

…tion - Add GenerateSecureToken(length int) for configurable secure tokens - Add SecureToken() with default 32 bytes (256 bits entropy) - Uses crypto/rand and base64.RawURLEncoding for URL-safe output - Includes comprehensive tests and benchmarks - Performance comparable to UUIDv4 with higher security - Intended to replace UUIDv4 as default for Fiber v3 token/key/sessionID generation

gemini-code-assist · 2025-12-02T21:04:45Z

Summary of Changes

Hello @sixcolors, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the token generation capabilities within the utility package by introducing SecureToken and GenerateSecureToken. These new functions provide a more robust and secure method for creating tokens, session IDs, and keys, adhering to modern security standards. The change aims to improve the overall security posture of applications built with Fiber v3, offering a secure and performant alternative to the existing UUIDv4 function, with full backward compatibility.

Highlights

New Secure Token Generation: Introduced SecureToken() and GenerateSecureToken(length int) functions for modern, cryptographically secure token generation, replacing UUIDv4() as the recommended approach for new implementations.
Enhanced Security: The new functions utilize crypto/rand for high-quality randomness and base64.RawURLEncoding for URL-safe output, providing 256 bits of entropy by default, aligning with OWASP and industry best practices.
Performance and Flexibility: Benchmarks show performance comparable to UUIDv4() while offering higher entropy. GenerateSecureToken allows configurable token lengths for various use cases.
Comprehensive Testing: Extensive test coverage has been added, including unit tests for different lengths, uniqueness, and concurrency, along with benchmarks to validate performance.
Backward Compatibility: UUIDv4() remains available, ensuring existing code continues to function without disruption, while new projects can adopt the more secure defaults.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

codecov · 2025-12-02T21:05:49Z

Codecov Report

❌ Patch coverage is 87.50000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.59%. Comparing base (f6c45bc) to head (1e48df4).
⚠️ Report is 36 commits behind head on master.

Files with missing lines	Patch %	Lines
common.go	87.50%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #165      +/-   ##
==========================================
+ Coverage   83.48%   84.59%   +1.10%     
==========================================
  Files          11       12       +1     
  Lines         763      954     +191     
==========================================
+ Hits          637      807     +170     
- Misses        115      126      +11     
- Partials       11       21      +10

Flag	Coverage Δ
unittests	`84.59% <87.50%> (+1.10%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

gemini-code-assist

Code Review

This pull request introduces GenerateSecureToken and SecureToken as modern, secure alternatives for token generation, which is a great improvement. The implementation is solid and well-tested. However, I've identified a critical security issue in the error handling of GenerateSecureToken. When crypto/rand.Read fails, the function silently falls back to UUIDv4, which can mask critical system errors and produce tokens that violate the function's contract in terms of format, length, and entropy. I've recommended panicking in this scenario, which is the idiomatic Go approach for such unrecoverable errors in cryptographic contexts.

common.go

sixcolors · 2025-12-02T21:06:22Z

If accepted, I will update github.com/gofiber/fiber token/key/id defaults from utils.UUIDv4 to utils.SecureToken()

coderabbitai · 2025-12-02T21:07:44Z

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds cryptographically secure token utilities and extensive tests: new GenerateSecureToken(length int) (string, error) with package-level randRead indirection, its Must wrapper and 32-byte convenience helpers; concurrency and error-path tests, benchmarks; and removal of t.Parallel() from two string tests.

Changes

Cohort / File(s)	Summary
Token generation implementation `common.go`	Adds `GenerateSecureToken(length int) (string, error)` (defaults length ≤ 0 to 32, reads random bytes via package-level `randRead`, encodes with `base64.RawURLEncoding`, returns formatted error on read failure). Adds `GenerateSecureTokenMust(length int) string` (panics on error), `SecureToken() (string, error)`, `SecureTokenMust() string`, and `var randRead = rand.Read`. Imports updated to include `encoding/base64` and `fmt`.
Tests and benchmarks `common_test.go`	Adds tests: `Test_GenerateSecureToken`, `Test_GenerateSecureToken_Concurrency`, `Test_GenerateSecureToken_ErrorOnRandFail`, `Test_SecureToken`. Adds benchmarks: `Benchmark_GenerateSecureToken` and `Benchmark_TokenGenerators`. Covers default/custom lengths, uniqueness, concurrency, error injection via `randRead` override, and performance.
Test parallelism change `strings_test.go`	Removes `t.Parallel()` from `Test_ToUpper` and `Test_ToLower` and their subtests, making those tests run sequentially.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Inspect randRead indirection for safe test injection and ensure it's restored after tests.
Validate panic behavior of GenerateSecureTokenMust and its test coverage.
Confirm base64 encoding vs. caller length expectations (encoded length vs. entropy bytes).
Review concurrency test for flakiness and proper uniqueness assertions.

Poem

🐰 I nibble bytes from crypto's chest,
curl them in base64, snug and dressed,
thirty-two hops for a secret seed,
tests keep watch while threads all speed,
a tiny token — leap and rest.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding new GenerateSecureToken and SecureToken functions with 256-bit (32-byte) default entropy.

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch feat/secure-token-replace-uuidv4

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (1)

common.go (1)
101-105: Add upper bound validation for token length.

The function doesn't validate excessively large length values, which could cause memory allocation issues or denial-of-service if a large value is passed.

Apply this diff to add reasonable upper bound validation:
 func GenerateSecureToken(length int) string {
 	if length <= 0 {
 		length = 32
+	} else if length > 1024 {
+		// Cap at 1024 bytes to prevent excessive memory allocation
+		length = 1024
 	}
 	bytes := make([]byte, length)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f6c45bc and 5c437d7.

📒 Files selected for processing (2)

common.go (2 hunks)
common_test.go (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

common_test.go (1)

common.go (3)

GenerateSecureToken (101-111)

SecureToken (114-116)

UUIDv4 (90-96)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

GitHub Check: Compare

🔇 Additional comments (7)

common.go (2)

9-9: LGTM!

The encoding/base64 import is correctly added to support URL-safe base64 encoding in the new token generation functions.

113-116: LGTM!

The wrapper function provides a clear, convenient API for the default 32-byte secure token generation.

common_test.go (5)

102-123: LGTM!

The test comprehensively validates default length, custom lengths, uniqueness, and edge cases. The base64 length assertions are mathematically correct.

125-140: LGTM!

The concurrency test properly validates that tokens generated concurrently are unique, following the same pattern as existing UUID concurrency tests.

142-151: LGTM!

The test adequately validates the SecureToken wrapper function's output length, non-emptiness, and uniqueness.

348-363: LGTM!

The benchmark properly measures performance for different token lengths and includes validation assertions.

365-380: LGTM!

The comparative benchmark effectively measures the performance difference between UUIDv4 and SecureToken generation, as referenced in the PR objectives.

common.go

Copilot

Pull request overview

This PR introduces secure token generation functions (GenerateSecureToken and SecureToken) as modern alternatives to UUIDv4 for session IDs and security tokens. The implementation uses crypto/rand with base64 URL-safe encoding to provide 256-bit entropy tokens.

Key Changes:

Added GenerateSecureToken(length int) for configurable-length secure token generation with base64 URL encoding
Added SecureToken() as a convenience wrapper that generates 32-byte (256-bit) tokens
Comprehensive test coverage including concurrency tests and performance benchmarks

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
common.go	Implements `GenerateSecureToken()` and `SecureToken()` functions using `crypto/rand` for cryptographically secure random bytes and `base64.RawURLEncoding` for URL-safe output
common_test.go	Adds unit tests for basic functionality, edge cases (invalid lengths), uniqueness verification, concurrency safety, and performance benchmarks comparing against UUIDv4

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

common_test.go

common.go

common_test.go

gaby · 2025-12-02T21:17:29Z

@sixcolors We shouldn't fall back to UUIDv4

…d negative length test - Replace UUIDv4 fallback with panic for security (fail fast) - Fix misleading documentation about default length - Add test case for negative length values - Addresses comments from gemini-code-assist, coderabbitai, and Copilot

AllocsPerRun cannot be called during parallel tests. Removed t.Parallel() from Test_ToUpper and Test_ToLower to fix panic in test runs.

sixcolors · 2025-12-03T01:13:06Z

The panic path for crypto/rand.Read failure is not tested because:

crypto/rand.Read failures are extremely rare system-level failures
Mocking crypto/rand would require significant test infrastructure
The panic ensures visibility of critical failures in production
If crypto/rand.Read fails, it indicates severe system issues (e.g., entropy exhaustion)
and the application should not continue silently.

…ecureTokenMust; update SecureToken to use Must; update tests/benchmarks

…rs to error API

sixcolors · 2025-12-03T01:34:08Z

Updated PR summary:

Summary
This PR introduces GenerateSecureToken(length int) (string, error) and GenerateSecureTokenMust(length int) string plus SecureToken() which uses GenerateSecureTokenMust(32). The default token size is 32 bytes (256 bits of entropy).

Key changes

GenerateSecureToken(length int) (string, error) — returns error on crypto/rand failures
GenerateSecureTokenMust(length int) string — panics on failure (convenience)
SecureToken() now calls GenerateSecureTokenMust(32) and will panic on randomness failures
Tests updated: cover error-returning API, Must variant, concurrency, benchmarks and negative/zero length handling

Why

Primary API now returns an error (library-friendly): callers can handle rare system-level failures.
Must variant preserves convenience for apps preferring fail-fast behavior.

Migration

UUIDv4() remains available. When Fiber switches middleware defaults to SecureToken(), document how to opt out or configure a custom generator.

Notes

The panic path remains intentional for GenerateSecureTokenMust and SecureToken() to ensure fail-fast behavior on critical cryptographic failures.

(Changes already pushed to branch feat/secure-token-replace-uuidv4.)

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (1)

common_test.go (1)
157-158: Use errors.New instead of fmt.Errorf for static error messages.

Since the error message has no format parameters, errors.New is more appropriate and slightly more efficient.

Apply this diff:
 	// Simulate read failure
 	randRead = func(b []byte) (int, error) {
-		return 0, fmt.Errorf("simulated failure")
+		return 0, errors.New("simulated failure")
 	}
Add the import:
 import (
 	"crypto/rand"
+	"errors"
 	"fmt"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fbd057e and 57c5cbb.

📒 Files selected for processing (2)

common.go (3 hunks)
common_test.go (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

common_test.go (1)

common.go (4)

GenerateSecureToken (109-118)

GenerateSecureTokenMust (121-127)

SecureToken (136-138)

UUIDv4 (94-100)

🪛 GitHub Actions: golangci-lint

common.go

[error] 9-9: golangci-lint: File is not properly formatted (gofmt)

🪛 GitHub Check: lint

common_test.go

[failure] 158-158:
use-errors-new: replace fmt.Errorf by errors.New (revive)

[failure] 158-158:
unnecessary-format: unnecessary use of formatting function "fmt.Errorf", you can replace it with "errors.New" (revive)

[failure] 158-158:
error-format: fmt.Errorf can be replaced with errors.New (perfsprint)

[failure] 157-157:
unused-parameter: parameter 'b' seems to be unused, consider removing or renaming it as _ (revive)

[failure] 380-380:
File is not properly formatted (gofumpt)

[failure] 380-380:
File is not properly formatted (gofmt)

common.go

[failure] 9-9:
File is not properly formatted (gofumpt)

[failure] 9-9:
File is not properly formatted (gofmt)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Build (1.23.x, windows-latest)
GitHub Check: Compare

🔇 Additional comments (5)

common.go (1)

109-138: LGTM! Well-designed API surface.

The three-function design is excellent:

GenerateSecureToken(length) returns (string, error) for explicit error handling

GenerateSecureTokenMust(length) panics for convenience when errors are unexpected

SecureToken() provides a sensible default (32 bytes)

The documentation clearly warns about panic behavior, and the implementation correctly uses crypto/rand via the testable randRead indirection.

common_test.go (4)

102-132: LGTM! Comprehensive test coverage.

The test covers all essential cases:

Various token lengths (8, 16, 32 bytes) with correct base64 length assertions

Uniqueness verification

Edge cases (zero and negative lengths properly default to 32 bytes)

134-149: LGTM! Solid concurrency test.

The test verifies that 1000 concurrent token generations produce unique results, ensuring thread-safety. The pattern matches existing UUID concurrency tests in this file.

170-179: LGTM! Proper coverage of the convenience function.

The test verifies SecureToken() produces the expected 32-byte token (43 base64 characters) and ensures uniqueness across multiple calls.

393-408: LGTM! Excellent performance comparison benchmark.

This benchmark provides a direct comparison between UUIDv4 and SecureToken, supporting the PR's performance claims. The structure with post-benchmark assertions ensures correctness alongside performance measurement.

common_test.go

common.go

- Remove duplicate GenerateSecureToken doc comments (AI error) - Replace fmt.Errorf with errors.New for simple error messages - Rename unused parameter 'b' to '_' in test mock function - Fix formatting (gofmt): import order and indentation - Add errors import to common_test.go All tests pass. Ready for review.

gaby · 2025-12-03T06:00:07Z

Reference: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation

gaby

LGTM, just one small thing

common.go

- SecureToken() now returns (string, error) for explicit error handling - Add SecureTokenMust() as convenience wrapper that panics on failure - Update tests to handle new SecureToken() error return - Update benchmarks to use SecureTokenMust() for performance This provides both error-handling and fail-fast APIs, giving users choice while maintaining backward compatibility through the Must variant.

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (2)

common_test.go (1)

152-169: Error-path test via randRead override is effective; consider a small comment

Overriding randRead with a failing implementation and restoring it via defer is a clean way to exercise both the error-returning API and the panic behavior of the Must variant. Since this test is non-parallel and the only place that mutates randRead, there’s no race today, but a brief comment noting the global mutation assumption would help future maintainers avoid adding t.Parallel() here or introducing other overrides that could race.
common.go (1)
27-30: randRead indirection pattern looks good; comment can be tightened

Using a package-level variable for the random reader makes the error-path testable without affecting production behavior, which is a solid approach. Minor nit: the comment is split mid-sentence (so tests / can override it), which reads a bit awkwardly—consider rewriting as a single two-line comment for clarity.

Example:
// randRead is a package-level indirection for crypto/rand.Read
// that tests can override to simulate failures.
var randRead = rand.Read

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0c29b5d and c1b2f61.

📒 Files selected for processing (2)

common.go (3 hunks)
common_test.go (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

common_test.go (1)

common.go (5)

GenerateSecureToken (107-116)

GenerateSecureTokenMust (119-125)

SecureToken (129-131)

UUIDv4 (95-101)

SecureTokenMust (135-137)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

GitHub Check: Build (1.24.x, macos-latest)
GitHub Check: Compare

🔇 Additional comments (5)

common_test.go (4)

103-133: GenerateSecureToken test coverage looks strong

This hits explicit sizes (8, 16, 32), validates encoded lengths, checks non-emptiness, and exercises the length <= 0 fallback with both 0 and -1. The uniqueness check between two 32-byte tokens is also appropriate. No changes needed.

135-150: Concurrency test is race-free and appropriate

Using a buffered channel and only populating the map from the main goroutine avoids data races while still stressing concurrent token generation across 1000 goroutines. This is a good balance of simplicity and coverage.

171-182: SecureToken test matches the helper’s contract

The test correctly asserts a 32-byte-derived encoded length, non-emptiness, and basic uniqueness across calls, which aligns with SecureToken’s fixed-length wrapper behavior. Looks good.

379-411: Benchmarks for secure tokens vs UUIDv4 are well-structured

The dedicated benchmarks for 16-byte and 32-byte tokens plus the comparative Benchmark_TokenGenerators give useful signal on performance and allocations. The final length checks in each sub-benchmark ensure the work isn’t optimized away. No changes needed.

common.go (1)

103-131: Secure token core implementation and helpers look correct

The main helper defaults non-positive lengths to 32 bytes, allocates exactly that many bytes, and returns a wrapped error if reading randomness fails, which matches the intended contract and avoids silent fallbacks. The Must wrapper and SecureToken helper cleanly delegate to this core, so callers can choose between explicit error handling and fail-fast behavior while always getting 32-byte entropy when using the convenience APIs. Implementation looks solid.

common.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

common.go (1)

103-116: GenerateSecureToken implementation matches its contract

The function correctly:

Normalizes non‑positive length to 32 (256‑bit entropy default).

Allocates exactly length bytes and uses the indirected randRead.

Wraps failures with context via %w.

Returns a URL‑safe token using base64.RawURLEncoding.

Behavior and doc comment are aligned. The only optional refinement would be to consider guarding against unreasonably large length values if this ever takes user‑supplied input directly, but that’s not required for this utility.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c1b2f61 and 1e48df4.

📒 Files selected for processing (1)

common.go (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

GitHub Check: Compare
GitHub Check: Build (1.23.x, windows-latest)
GitHub Check: Build (1.24.x, windows-latest)

🔇 Additional comments (5)

common.go (5)

9-12: New imports correctly support token encoding and error handling

encoding/base64 and fmt are appropriate additions for URL‑safe encoding and wrapped error messages; nothing to change here.

27-29: randRead indirection is a clean test hook

Using a package‑level randRead = rand.Read with a short comment is a straightforward way to simulate crypto/rand failures in tests without impacting production behavior. Just ensure any tests that override randRead restore it (e.g., via defer) before running in parallel.

118-125: GenerateSecureTokenMust wrapper is idiomatic and focused

The Must variant delegates to GenerateSecureToken and panics only on error, which is idiomatic for “must” helpers around crypto randomness. The panic value includes the wrapped error, preserving useful context.

127-131: SecureToken convenience with error return is consistent and safe

SecureToken() simply fixes the entropy at 32 bytes while preserving the (string, error) contract. This keeps naming consistent with GenerateSecureToken and pairs well with the SecureTokenMust helper for callers that prefer fail‑fast behavior.

133-137: SecureTokenMust helper cleanly exposes the panic-on-failure path

SecureTokenMust clearly documents and implements the panic‑on‑failure behavior by delegating to GenerateSecureTokenMust(32). The doc comment now matches the exported name and semantics; no further changes needed.

gaby · 2025-12-06T05:45:05Z

@gemini-code-assist Should we add a maximum length for generating tokens? If so, what should it be and why?

gemini-code-assist · 2025-12-06T05:45:20Z

That's a great question, @gaby! I recommend adding a maximum length for generating tokens in GenerateSecureToken.

Recommended Maximum Length:
I suggest a maximum raw byte length of 256 bytes (which would result in approximately 342 characters after base64.RawURLEncoding).

Reasoning:

Resource Management & DoS Prevention: Allowing arbitrary lengths could lead to excessive memory allocation if a very large length is accidentally or maliciously provided. A length value close to math.MaxInt could cause the application to crash due to out-of-memory errors or be vulnerable to a Denial of Service (DoS) attack.
Practicality: For typical secure token use cases (session IDs, API keys, CSRF tokens), 32 bytes (256 bits of entropy) is already considered very strong and is the default. Even 64 or 128 bytes provide an immense amount of entropy. Beyond 256 bytes, the additional cryptographic strength for most applications becomes negligible, while the overhead in storage, transmission, and processing increases.
Clarity and Safety: Explicitly defining an upper bound makes the function more robust and predictable, preventing unintended behavior with extreme input values.

This limit provides ample flexibility for various secure token needs while safeguarding against potential issues from overly large requests.

sixcolors requested a review from a team as a code owner December 2, 2025 21:04

sixcolors requested review from ReneWerner87, efectn and gaby and removed request for a team December 2, 2025 21:04

ReneWerner87 added the ✏️ Feature label Dec 2, 2025

gemini-code-assist bot reviewed Dec 2, 2025

View reviewed changes

common.go Outdated Show resolved Hide resolved

sixcolors requested review from Copilot and removed request for ReneWerner87, efectn and gaby December 2, 2025 21:07

Copilot started reviewing on behalf of sixcolors December 2, 2025 21:07 View session

coderabbitai bot reviewed Dec 2, 2025

View reviewed changes

common.go Outdated Show resolved Hide resolved

Copilot finished reviewing on behalf of sixcolors December 2, 2025 21:09

Copilot AI reviewed Dec 2, 2025

View reviewed changes

common_test.go Outdated Show resolved Hide resolved

common.go Outdated Show resolved Hide resolved

common.go Outdated Show resolved Hide resolved

common_test.go Outdated Show resolved Hide resolved

sixcolors added 2 commits December 2, 2025 21:01

fix: remove t.Parallel() from tests using AllocsPerRun

fbd057e

AllocsPerRun cannot be called during parallel tests. Removed t.Parallel() from Test_ToUpper and Test_ToLower to fix panic in test runs.

sixcolors added 2 commits December 2, 2025 21:31

feat: add GenerateSecureToken returning (string, error) and GenerateS…

69c8b10

…ecureTokenMust; update SecureToken to use Must; update tests/benchmarks

docs: document SecureToken panics on crypto/rand failure; point calle…

57c5cbb

…rs to error API

sixcolors changed the title ~~feat: add SecureToken and GenerateSecureToken for secure token genera…~~ feat: add GenerateSecureToken and SecureToken (256-bit default) Dec 3, 2025

coderabbitai bot reviewed Dec 3, 2025

View reviewed changes

common_test.go Outdated Show resolved Hide resolved

common.go Outdated Show resolved Hide resolved

common.go Show resolved Hide resolved

gaby approved these changes Dec 3, 2025

View reviewed changes

common.go Outdated Show resolved Hide resolved

coderabbitai bot reviewed Dec 4, 2025

View reviewed changes

common.go Outdated Show resolved Hide resolved

ReneWerner87 approved these changes Dec 5, 2025

View reviewed changes

Update common.go

1e48df4

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

ReneWerner87 merged commit 7d8e31a into master Dec 5, 2025
19 of 20 checks passed

ReneWerner87 deleted the feat/secure-token-replace-uuidv4 branch December 5, 2025 20:52

coderabbitai bot reviewed Dec 5, 2025

View reviewed changes

This was referenced Dec 9, 2025

refactor: simplify SecureToken API by removing the *Must variants #171

Merged

🚀 [Feature]: Sonar Recommendation #173

Closed

feat: add GenerateSecureToken and SecureToken (256-bit default) #165

feat: add GenerateSecureToken and SecureToken (256-bit default) #165

Uh oh!

Conversation

sixcolors commented Dec 2, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Why

Key changes

Safety & behavior

Summary by CodeRabbit

Uh oh!

gemini-code-assist bot commented Dec 2, 2025

Summary of Changes

Highlights

Footnotes

Uh oh!

codecov bot commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

sixcolors commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai bot commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Other AI code review bot(s) detected

Walkthrough

Changes

Estimated code review effort

Poem

Pre-merge checks and finishing touches

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

gaby commented Dec 2, 2025

Uh oh!

sixcolors commented Dec 3, 2025

Uh oh!

sixcolors commented Dec 3, 2025

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

gaby commented Dec 3, 2025

Uh oh!

gaby left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

gaby commented Dec 6, 2025

Uh oh!

gemini-code-assist bot commented Dec 6, 2025

sixcolors commented Dec 2, 2025 •

edited by coderabbitai bot

Loading

codecov bot commented Dec 2, 2025 •

edited

Loading

sixcolors commented Dec 2, 2025 •

edited

Loading

coderabbitai bot commented Dec 2, 2025 •

edited

Loading