MissionalDigerati / joshua_project_api

An API for connecting to the Joshua Project data.
GNU General Public License v3.0

03-16-2024: API Key Generation should check the database if key exists #15

Open codemis opened 8 months ago

codemis commented 8 months ago

Description

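Looking at the code here (https://github.com/MissionalDigerati/joshua_project_api/blob/develop/App/v1/Includes/CommonFunctions.php#L207), we just generate a key using time. It would be good to check if the key exists in the database, before setting it.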

Context

We need to make the API key generation more bulletproof. We should loop over until we are sure the key is not in the database.

joshuaproject commented 8 months ago

So the concern is that two identical keys could potentially be created? Could the key be the primary table index and disallow duplicates, i.e. create the key, then attempt to add it to the table storing keys that has a unique index on the key field; if the keys are identical, it will not allow it to be added, and just go back and create a new key?

codemis commented 8 months ago

@joshuaproject Good ideas. Currently, the chance of a duplicate key is very minute, but we should prepare for the worst. The key for the primary table is an integer which would be easy to guess. The best solution would be to use a loop. In the loop, we generate a random string like the code currently does. Then we check the database for the key. If it exists, we loop again.

joshuaproject commented 8 months ago

Sounds good. Go for it.

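Added example, not part of the thread and not the project's code: one way to combine the two ideas discussed above, a unique index on the key column plus a retry loop, so the database rejects a duplicate atomically instead of relying on a separate check-then-insert step that two concurrent requests could both pass. The table and column names (`api_keys`, `api_key`), the function names, and the use of `random_bytes()` as the generator are assumptions for illustration; an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the UNIQUE constraint is what guarantees
// that no two rows can ever hold the same key.
function createSchema(PDO $db): void
{
    $db->exec(
        'CREATE TABLE api_keys (
            id INTEGER PRIMARY KEY,
            api_key TEXT NOT NULL UNIQUE
        )'
    );
}

// Generate a key and insert it, retrying when the unique index rejects it.
// $generator is injectable so the collision path can be exercised below.
function issueApiKey(PDO $db, callable $generator, int $maxAttempts = 5): string
{
    $insert = $db->prepare('INSERT INTO api_keys (api_key) VALUES (:key)');
    for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
        $key = $generator();
        try {
            $insert->execute([':key' => $key]);
            return $key;
        } catch (PDOException $e) {
            // SQLSTATE class 23 is an integrity constraint violation
            // (duplicate key); anything else is a real error.
            if (strncmp((string) $e->getCode(), '23', 2) !== 0) {
                throw $e;
            }
        }
    }
    throw new RuntimeException('Could not issue a unique API key');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);

// Assumed generator: 16 bytes from the CSPRNG, hex-encoded to 32 characters.
$random = fn(): string => bin2hex(random_bytes(16));
echo issueApiKey($db, $random), PHP_EOL;

// Constructed collision: the generator yields the same value twice, then a new one.
$values = ['dup', 'dup', 'fresh'];
$fixed = function () use (&$values): string { return array_shift($values); };
echo issueApiKey($db, $fixed), PHP_EOL; // first call stores the repeated value
echo issueApiKey($db, $fixed), PHP_EOL; // repeat is rejected by the index, loop retries
```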