Reland "Use crypo RNG for auto ID generation to reduce conflicts (#2764)" #3012
Conversation
wu-hui
changed the title
Binary Size ReportAffected SDKs
Test Logs |
|
|
||
| // Polyfill for IE and WebWorker | ||
| // eslint-disable-next-line no-restricted-globals | ||
| const crypto = |
There was a problem hiding this comment.
We might also consider adding support for this shim on ReactNative: https://stackoverflow.com/questions/45301900/howto-patch-shim-crypto-getrandomvalues-for-react-native
While the fallback will make sure these environments don't break, we can possibly extend our support for crypto.
Edit: I missed that you added self && self.crypto. I blame it on the inline Linter warning which you can suppress by moving your no-any line two down :)
There was a problem hiding this comment.
So we don't need it, right?
There was a problem hiding this comment.
I am ok with not adding support for ReactNative until the ReactNative Firebase wrapper bundles "crypto", but note that without getting "crypto" from globals, we will always fall back to Math.random() for RN.
There was a problem hiding this comment.
Yep, I am filing a ticket to get crypto added for react native firestore.
There was a problem hiding this comment.
react-native-firebase participant here, just cross-linking invertase/react-native-firebase#3618
There was a problem hiding this comment.
Just thought I'd quickly summerize; React Native Firebase doesn't use the JS SDK, we're a thin JS wrapper around the native Android & iOS SDKs so this change has no direct affect on us.
However our JS wrapper does use an identical random id generator - so I think we may need to port this change across in some form - we'll pick this up separately, thanks!
| @@ -43,6 +43,12 @@ export interface Platform { | |||
| /** Converts a binary string to a Base64 encoded string. */ | |||
| btoa(raw: string): string; | |||
|
|
|||
| /** | |||
| * Generates `nBytes` of random bytes. If `nBytes` is negative, an empty array | |||
| * will be returned. | |||
There was a problem hiding this comment.
What is the rationale for accepting negative numbers? This seems like it may be hiding bugs in the calling code.
There was a problem hiding this comment.
Changed it to validate input, and reject anything <=0.
| (this.window.crypto || (this.window as any)['msCrypto'])) || | ||
| (self && self.crypto); | ||
| const v = new Uint8Array(nBytes); | ||
| if (!!crypto) { |
There was a problem hiding this comment.
Is this double exclamation mark intentional? If not, you may want to add a unit test that would fail if Math.random() is used unintentionally.
There was a problem hiding this comment.
This can probably just be if(crypto) since an if statement just needs a "truthy" value and not a boolean.
| const crypto = | ||
| (this.window && | ||
| (this.window.crypto || (this.window as any)['msCrypto'])) || | ||
| (self && self.crypto); |
There was a problem hiding this comment.
According to https://developer.mozilla.org/en-US/docs/Web/API/Window/self, you can just write:
const crypto = typeof self !=== 'undefined' && (self.crypto || (self as any)['msCrypto']);
| (this.window.crypto || (this.window as any)['msCrypto'])) || | ||
| (self && self.crypto); | ||
| const v = new Uint8Array(nBytes); | ||
| if (!!crypto) { |
There was a problem hiding this comment.
This can probably just be if(crypto) since an if statement just needs a "truthy" value and not a boolean.
packages/firestore/src/util/misc.ts
Outdated
| autoId += chars.charAt(Math.floor(Math.random() * chars.length)); | ||
| while (autoId.length < 20) { | ||
| const bytes = PlatformSupport.getPlatform().randomBytes(40); | ||
| for (const b of Array.from(bytes)) { |
There was a problem hiding this comment.
Nit: You can save one copy here if you do a for(let i = 0; i < bytes.length; ++i) loop.
| @@ -72,4 +74,22 @@ export class BrowserPlatform implements Platform { | |||
| btoa(raw: string): string { | |||
| return btoa(raw); | |||
| } | |||
|
|
|||
| randomBytes(nBytes: number): Uint8Array { | |||
| validatePositiveNumber('randomBytes', 1, nBytes); | |||
There was a problem hiding this comment.
This should be a debugAssert since we are not validating a public API call.
You should also allow calls with nBytes: 0 (unless you have to write special code for this).
|
|
||
| // Polyfill for IE and WebWorker | ||
| // eslint-disable-next-line no-restricted-globals | ||
| const crypto = |
There was a problem hiding this comment.
I am ok with not adding support for ReactNative until the ReactNative Firebase wrapper bundles "crypto", but note that without getting "crypto" from globals, we will always fall back to Math.random() for RN.
| @@ -75,4 +77,10 @@ export class NodePlatform implements Platform { | |||
| btoa(raw: string): string { | |||
| return new Buffer(raw, 'binary').toString('base64'); | |||
| } | |||
|
|
|||
| randomBytes(nBytes: number): Uint8Array { | |||
| validatePositiveNumber('randomBytes', 1, nBytes); | |||
There was a problem hiding this comment.
DebugAssert here as well.
There was a problem hiding this comment.
Also, make sure that 0 is accepted as a valid value for nBytes.
| /** | ||
| * Generates `nBytes` of random bytes. | ||
| * | ||
| * If `nBytes <= 0` , an error will be thrown. |
There was a problem hiding this comment.
nit: nBytes==0 is valid; please update this comment to state that it will only reject values that are strictly less than zero.
| @@ -72,4 +74,23 @@ export class BrowserPlatform implements Platform { | |||
| btoa(raw: string): string { | |||
| return btoa(raw); | |||
| } | |||
|
|
|||
| randomBytes(nBytes: number): Uint8Array { | |||
| debugAssert(nBytes >= 0, 'Number of random bytes must not be negative'); | |||
There was a problem hiding this comment.
Consider including the invalid value in the failure message; this could assist in debugging should the assert ever get triggered and all we have to use for debugging is the stack track and error message.
e.g.
debugAssert(nBytes >= 0, `invalid nBytes: ${nBytes}`);| randomBytes(nBytes: number): Uint8Array { | ||
| debugAssert(nBytes >= 0, 'Number of random bytes must not be negative'); | ||
|
|
||
| // Polyfill for IE and WebWorker |
There was a problem hiding this comment.
Can you improve this comment to explain how it affects the reader? Is the polyfill being done by the code block that follows? Or is it instructing the reader to perform some polyfilling? Consider re-writing this comment as a sentence that would be either clearly informative or clearly actionable by the reader.
| const crypto = | ||
| // eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
| typeof self !== 'undefined' && (self.crypto || (self as any)['msCrypto']); | ||
| const v = new Uint8Array(nBytes); |
There was a problem hiding this comment.
nit: Consider a more meaningful name than v (e.g. generatedBytes).
packages/firestore/src/util/misc.ts
Outdated
| for (let i = 0; i < bytes.length; ++i) { | ||
| // Length of `chars` is 62. We only take bytes between 0 and 62*4-1 | ||
| // (both inclusive). The value is then evenly mapped to indices of `char` | ||
| // via a modulo operation. |
There was a problem hiding this comment.
I'm assuming this logic is used to ensure an even distribution between all of the characters in chars. Please update the comment to explain why this logic exists because it is non-obvious.
packages/firestore/src/util/misc.ts
Outdated
| @@ -28,8 +29,17 @@ export class AutoId { | |||
| const chars = | |||
| 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; | |||
| let autoId = ''; | |||
| for (let i = 0; i < 20; i++) { | |||
| autoId += chars.charAt(Math.floor(Math.random() * chars.length)); | |||
| while (autoId.length < 20) { | |||
There was a problem hiding this comment.
Consider re-writing this loop as while (true) and then breaking out of the loop with a break statement immediately after appending the 20th character to autoId. This would avoid hardcoding 20 in two different places.
There was a problem hiding this comment.
Rewrote the section to reduce hardcoding numbers.
packages/firestore/src/util/misc.ts
Outdated
| // Length of `chars` is 62. We only take bytes between 0 and 62*4-1 | ||
| // (both inclusive). The value is then evenly mapped to indices of `char` | ||
| // via a modulo operation. | ||
| const maxValue = 62 * 4 - 1; |
There was a problem hiding this comment.
Consider moving the calculation of maxValue to immediately follow the declaration of chars. IMO, having it re-calculated on each loop iteration detracts from readability because it incorrectly implies that its value may change between iterations.
packages/firestore/src/util/misc.ts
Outdated
| // Length of `chars` is 62. We only take bytes between 0 and 62*4-1 | ||
| // (both inclusive). The value is then evenly mapped to indices of `char` | ||
| // via a modulo operation. | ||
| const maxValue = 62 * 4 - 1; |
There was a problem hiding this comment.
Hardcoding 62 in three different places (including in the comment) is a bit unnerving. It would be preferable to use chars.length, for robustness. How about something like this:
const chars = '...';
const maxValue = chars.length * 4 - 1;
debugAssert(maxValue < 256);Then the hardcoded value of 62 in the modulo operation below can be safely replaced with chars.length.
| @@ -75,4 +77,10 @@ export class NodePlatform implements Platform { | |||
| btoa(raw: string): string { | |||
| return new Buffer(raw, 'binary').toString('base64'); | |||
| } | |||
|
|
|||
| randomBytes(nBytes: number): Uint8Array { | |||
| validatePositiveNumber('randomBytes', 1, nBytes); | |||
There was a problem hiding this comment.
Also, make sure that 0 is accepted as a valid value for nBytes.
Manually verified on IE11 and web-workers.