Integer id replaced with random string

osminogin · osminogin · commit e9ca96b181ab · 2016-03-01T15:17:02.000+03:00
diff --git a/db.scheme b/db.scheme
@@ -1,4 +1,4 @@
 CREATE TABLE IF NOT EXISTS notes(
-    id INTEGER PRIMARY KEY NOT NULL,
+    id TEXT PRIMARY KEY NOT NULL,
     encrypted TEXT NOT NULL
 );
diff --git a/handlers.go b/handlers.go
@@ -17,7 +17,9 @@
 package tornote
 
 import (
+	"crypto/rand"
 	"database/sql"
+	"encoding/base64"
 	"fmt"
 	"net/http"
 	"path/filepath"
@@ -77,14 +79,20 @@ func readNoteHandler(db *sql.DB) http.Handler {
 func saveNoteHandler(db *sql.DB) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		encrypted := r.FormValue("body")
+		secret := make([]byte, 11)
 
-		res, err := db.Exec("INSERT INTO notes (encrypted) VALUES (?)", encrypted)
+		// Generate random data for note id
+		_, err := rand.Read(secret)
 		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		id, err := res.LastInsertId()
+		// Encode note id with URL safe format
+		id := base64.RawURLEncoding.EncodeToString(secret)
+
+		// Save data to database
+		_, err = db.Exec("INSERT INTO notes (id, encrypted) VALUES (?, ?)", id, encrypted)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
diff --git a/public/main.js b/public/main.js
@@ -7,15 +7,15 @@ $(document).ready(function() {
         event.preventDefault();
         var form = $(this);
         var text = form.find("textarea").val();
-        var secret = sjcl.codec.base64.fromBits(sjcl.random.randomWords(2));
+        var secret = sjcl.codec.base64url.fromBits(sjcl.random.randomWords(3));
         var encrypted = sjcl.encrypt(secret, text);
 
         $.ajax({
             url: form.attr("action"),
             method: "POST",
             data: {body: encrypted.toString()},
             success: function(id) {
-                var link = window.location.href.toString() + id + "#" + secret.toString();
+                var link = window.location.href.toString() + id + "#" + secret;
                 $("#secret_link").text(link);
                 $("#note").addClass("hidden");
                 $("#done").removeClass("hidden");
