[fix] Efficiently generate random strings

access.lua

@@ -12,8 +12,7 @@ cache = ngx.shared.cache
 -- Generate a unique token if it has not been generated yet
 srvkey = cache:get("srvkey")
 if not srvkey then
-    math.randomseed(os.time())
+    srvkey = random_string()
-    srvkey = tostring(math.random(1111111, 9999999))
     cache:add("srvkey", srvkey)
 end
 
@@ -99,7 +98,7 @@ then
             -- current one, create a redirection with a CDA key
             if  not string.match(back_url, "^http[s]?://"..ngx.var.host.."/")
             and not string.match(back_url, ".*"..conf.login_arg.."=%d+$") then
-                cda_key = tostring(math.random(1111111, 9999999))
+                cda_key = random_string()
                 login[cda_key] = ngx.var.cookie_SSOwAuthUser
                 if string.match(back_url, ".*?.*") then
                     back_url = back_url.."&"

helpers.lua

@@ -96,7 +96,7 @@ function set_auth_cookie (user, domain)
     local expire = ngx.req.start_time() + maxAge
     local session_key = cache:get("session_"..user)
     if not session_key then
-        session_key = tostring(math.random(1111111, 9999999))
+        session_key = random_string()
         cache:add("session_"..user, session_key, conf["session_max_timeout"])
     end
     local hash = ngx.md5(srvkey..

init.lua

@@ -20,6 +20,7 @@ lualdap = require "lualdap"
 math = require "math"
 hige = require "hige"
 lfs = require "lfs"
+socket = require "socket"
 
 -- Persistent shared table
 flashs = {}
@@ -27,6 +28,14 @@ login = {}
 logout = {}
 i18n = {}
 
+-- Efficient function to get a random string
+function random_string ()
+    math.randomseed( tonumber(tostring(socket.gettime()*10000):reverse()) )
+    str = tostring(math.random()):sub(3)
+    socket.sleep(1e-400)
+    return str
+end
+
 -- Load translations in the "i18n" above table
 local locale_dir = script_path.."portal/locales/"
 for file in lfs.dir(locale_dir) do