From 740a65f88043742bbc1933c5e77dfd1ad5a3eb52 Mon Sep 17 00:00:00 2001 From: Alejandro Celaya Date: Fri, 11 Oct 2019 11:41:14 +0200 Subject: [PATCH] Updated references to SHORTCODE_CHARS in docker docs --- .env.dist | 1 - CHANGELOG.md | 6 +++++- docker/README.md | 17 +++++++++-------- docker/config/shlink_in_docker.local.php | 21 ++++----------------- 4 files changed, 18 insertions(+), 27 deletions(-) diff --git a/.env.dist b/.env.dist index 16ad75bc..daf74cbb 100644 --- a/.env.dist +++ b/.env.dist @@ -3,7 +3,6 @@ APP_ENV= SECRET_KEY= SHORTENED_URL_SCHEMA= SHORTENED_URL_HOSTNAME= -SHORTCODE_CHARS= # Database DB_USER= diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d4ec601..cda60fac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this #### Added -* *Nothing* +* [#491](https://github.com/shlinkio/shlink/issues/491) Added improved short code generation logic. + + Now, short codes are truly random, which removes the guessability factor existing in previous versions. + + Generated short codes have 5 characters, and shlink makes sure they keep unique, while making it backwards-compatible. #### Changed diff --git a/docker/README.md b/docker/README.md index aff3d997..eca69d36 100644 --- a/docker/README.md +++ b/docker/README.md @@ -92,7 +92,6 @@ This is the complete list of supported env vars: * `SHORT_DOMAIN_HOST`: The custom short domain used for this shlink instance. For example **doma.in**. * `SHORT_DOMAIN_SCHEMA`: Either **http** or **https**. -* `SHORTCODE_CHARS`: A charset to use when building short codes. Only needed when using more than one shlink instance ([Multi instance considerations](#multi-instance-considerations)). * `DB_DRIVER`: **sqlite** (which is the default value), **mysql**, **maria** or **postgres**. * `DB_NAME`: The database name to be used when using an external database driver. Defaults to **shlink**. * `DB_USER`: The username credential to be used when using an external database driver. @@ -112,6 +111,8 @@ This is the complete list of supported env vars: In the future, these redis servers could be used for other caching operations performed by shlink. +* `SHORTCODE_CHARS`: **Ignored when using Shlink 1.20 or newer**. A charset to use when building short codes. Only needed when using more than one shlink instance ([Multi instance considerations](#multi-instance-considerations)). + An example using all env vars could look like this: ```bash @@ -178,7 +179,13 @@ docker run --name shlink -p 8080:8080 -v ${PWD}/my/config/dir:/etc/shlink/config These are some considerations to take into account when running multiple instances of shlink. -* The first time shlink is run, it generates a charset used to generate short codes, which is a shuffled base62 charset. +* Some operations performed by Shlink should never be run more than once at the same time (like creating the database for the first time, or downloading the GeoLite2 database). For this reason, Shlink uses a locking system. + + However, these locks are locally scoped to each Shlink instance by default. + + You can (and should) make the locks to be shared by all Shlink instances by using a redis server/cluster. Just define the `REDIS_SERVERS` env var with the list of servers. + +* **Ignore this if using Shlink 1.20 or newer**. The first time shlink is run, it generates a charset used to generate short codes, which is a shuffled base62 charset. If you are using several shlink instances, you will probably want all of them to use the same charset. @@ -186,12 +193,6 @@ These are some considerations to take into account when running multiple instanc If you don't do this, each shlink instance will use a different charset. However this shouldn't be a problem in practice, since the chances to get a collision will be very low. -* Some operations performed by Shlink should never be run more than once at the same time (like creating the database for the first time, or downloading the GeoLite2 database). For this reason, Shlink uses a locking system. - - However, these locks are locally scoped to each Shlink instance by default. - - You can (and should) make the locks to be shared by all Shlink instances by using a redis server/cluster. Just define the `REDIS_SERVERS` env var with the list of servers. - ## Versions Versions of this image match the shlink version it contains. diff --git a/docker/config/shlink_in_docker.local.php b/docker/config/shlink_in_docker.local.php index d0744358..5477e892 100644 --- a/docker/config/shlink_in_docker.local.php +++ b/docker/config/shlink_in_docker.local.php @@ -32,17 +32,15 @@ $helper = new class { 'postgres' => '5432', ]; - /** @var string */ - private $charset; /** @var string */ private $secretKey; public function __construct() { - [$this->charset, $this->secretKey] = $this->initShlinkKeys(); + [, $this->secretKey] = $this->initShlinkSecretKey(); } - private function initShlinkKeys(): array + private function initShlinkSecretKey(): array { $keysFile = sprintf('%s/shlink.keys', sys_get_temp_dir()); if (file_exists($keysFile)) { @@ -50,29 +48,19 @@ $helper = new class { } $keys = [ - env('SHORTCODE_CHARS', $this->generateShortcodeChars()), - env('SECRET_KEY', $this->generateSecretKey()), + '', // This was the SHORTCODE_CHARS. Kept as empty string for BC + env('SECRET_KEY', $this->generateSecretKey()), // Deprecated ]; file_put_contents($keysFile, implode(',', $keys)); return $keys; } - private function generateShortcodeChars(): string - { - return str_shuffle(self::BASE62); - } - private function generateSecretKey(): string { return substr(str_shuffle(self::BASE62), 0, 32); } - public function getShortcodeChars(): string - { - return $this->charset; - } - public function getSecretKey(): string { return $this->secretKey; @@ -137,7 +125,6 @@ return [ 'schema' => env('SHORT_DOMAIN_SCHEMA', 'http'), 'hostname' => env('SHORT_DOMAIN_HOST', ''), ], - 'shortcode_chars' => $helper->getShortcodeChars(), 'validate_url' => (bool) env('VALIDATE_URLS', true), 'not_found_short_url' => $helper->getNotFoundConfig(), ],