From fa2dcd0351b1e3b3ca94083940ac4cdd21e3ae36 Mon Sep 17 00:00:00 2001
From: BillyGriffiths <billy.griffiths@gmail.com>
Date: Tue, 15 Nov 2022 10:58:20 +0200
Subject: [PATCH] oauth - use uuid() as base for nonce

---
 auth/oauth.go | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/auth/oauth.go b/auth/oauth.go
index b03c1ef..d0c4e1d 100644
--- a/auth/oauth.go
+++ b/auth/oauth.go
@@ -2,8 +2,8 @@ package oauth
 
 import (
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/google/uuid"
 	"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/encryption"
-	"math/rand"
 	"net/url"
 	"strconv"
 	"strings"
@@ -35,8 +35,11 @@ func (auth Oauth1) GenerateAuthorizationHeader(method, requestUrl string) (Autho
 		params[key] = rawParams.Get(key)
 	}
 
+	// Make a nonce
+	nonce := strings.ReplaceAll(uuid.New().String(), "-", "")
+
 	urlValues := url.Values{}
-	urlValues.Add("oauth_nonce", generateNonce())
+	urlValues.Add("oauth_nonce", nonce)
 	urlValues.Add("oauth_consumer_key", auth.ConsumerKey)
 	urlValues.Add("oauth_signature_method", "HMAC-SHA256")
 	urlValues.Add("oauth_timestamp", strconv.Itoa(int(time.Now().Unix())))
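Review bot: `uuid.New()` on the added nonce line panics if the random source cannot be read, although GenerateAuthorizationHeader has an error return (its tail returns `..., nil`), so a failure here would crash the caller instead of being reported. Prefer `id, err := uuid.NewRandom()`, then `if err != nil { return nil, err }`, then `nonce := strings.ReplaceAll(id.String(), "-", "")`. The comment `// Make a nonce` would be more useful if it gave the reason, e.g. `// Nonce from a random (v4) UUID: google/uuid reads crypto/rand by default, unlike the math/rand generator this replaces.` The function's signature and the rest of its body are outside this hunk, so check the exact return types and whether `err` is already declared against the full file.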
@@ -74,12 +77,3 @@ func (auth Oauth1) GenerateAuthorizationHeader(method, requestUrl string) (Autho
 
 	return aws.String("OAuth " + strings.TrimSuffix(AuthorizationString, ",")), nil
 }
-
-func generateNonce() string {
-	const allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-	b := make([]byte, 48)
-	for i := range b {
-		b[i] = allowed[rand.Intn(len(allowed))]
-	}
-	return string(b)
-}
-- 
GitLab