From 8fcce388b0a66ca69c71f2f428940a6f7f9258f2 Mon Sep 17 00:00:00 2001
From: Joris Guyonvarch
Date: Sat, 25 Oct 2025 18:58:17 +0200
Subject: Use base62 characters for the file id

---
 src/model.rs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'src/model.rs')

diff --git a/src/model.rs b/src/model.rs
index ed4fbf8..12b0433 100644
--- a/src/model.rs
+++ b/src/model.rs
@@ -1,6 +1,5 @@
-use base64::{engine::general_purpose::URL_SAFE, Engine as _};
 use chrono::{DateTime, Local, NaiveDateTime, TimeZone};
-use rand_core::{OsRng, RngCore};
+use rand::{distributions::Alphanumeric, Rng};
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct File {
@@ -18,15 +17,17 @@ pub fn local_time() -> DateTime<Local> {
     }
 }
 
-// Using 20 bytes (160 bits) to file identifiers
+// Using 28 Base 62 characters, which corresponds to 166 bits of entropy
 // https://owasp.org/www-community/vulnerabilities/Insufficient_Session-ID_Length
 // https://www.rfc-editor.org/rfc/rfc6749.html#section-10.10
-const FILE_ID_BYTES: usize = 20;
+const FILE_ID_CHARS: usize = 28;
 
 pub fn generate_file_id() -> String {
-    let mut token = [0u8; FILE_ID_BYTES];
-    OsRng.fill_bytes(&mut token);
-    URL_SAFE.encode(token)
+    rand::thread_rng()
+        .sample_iter(&Alphanumeric)
+        .take(FILE_ID_CHARS)
+        .map(char::from)
+        .collect()
 }
 
 const FORMAT: &str = "%Y-%m-%d %H:%M:%S";
-- 
cgit v1.2.3