[management] Use xID for setup key IDs to avoid id collisions (#3977)

This PR addresses potential ID collisions by switching the setup key ID generation from a hash-based approach to using xid-generated IDs. Replace the hash function with xid.New().String() Remove obsolete imports and the Hash() function
2025-06-24 03:31:28 +02:00 · 2025-06-14 12:24:16 +01:00 · 2025-06-14 12:24:16 +01:00 · b1247a14ba
commit b1247a14ba
parent f595057a0b
2 changed files with 7 additions and 18 deletions
--- a/management/server/setupkey_test.go
+++ b/management/server/setupkey_test.go
@ -5,7 +5,6 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
-	"strconv"
 	"strings"
 	"testing"
 	"time"
@ -182,7 +181,7 @@ func TestDefaultAccountManager_CreateSetupKey(t *testing.T) {
 			}

 			assertKey(t, key, tCase.expectedKeyName, false, tCase.expectedType, tCase.expectedUsedTimes,
-				tCase.expectedCreatedAt, tCase.expectedExpiresAt, strconv.Itoa(int(types.Hash(key.Key))),
+				tCase.expectedCreatedAt, tCase.expectedExpiresAt, key.Id,
 				tCase.expectedUpdatedAt, tCase.expectedGroups, false)

 			// check the corresponding events that should have been generated
@ -258,10 +257,10 @@ func TestGenerateDefaultSetupKey(t *testing.T) {
 	expectedExpiresAt := time.Now().UTC().Add(24 * 30 * time.Hour)
 	var expectedAutoGroups []string

-	key, plainKey := types.GenerateDefaultSetupKey()
+	key, _ := types.GenerateDefaultSetupKey()

 	assertKey(t, key, expectedName, expectedRevoke, expectedType, expectedUsedTimes, expectedCreatedAt,
-		expectedExpiresAt, strconv.Itoa(int(types.Hash(plainKey))), expectedUpdatedAt, expectedAutoGroups, true)
+		expectedExpiresAt, key.Id, expectedUpdatedAt, expectedAutoGroups, true)

 }

@ -275,10 +274,10 @@ func TestGenerateSetupKey(t *testing.T) {
 	expectedUpdatedAt := time.Now().UTC()
 	var expectedAutoGroups []string

-	key, plain := types.GenerateSetupKey(expectedName, types.SetupKeyOneOff, time.Hour, []string{}, types.SetupKeyUnlimitedUsage, false, false)
+	key, _ := types.GenerateSetupKey(expectedName, types.SetupKeyOneOff, time.Hour, []string{}, types.SetupKeyUnlimitedUsage, false, false)

 	assertKey(t, key, expectedName, expectedRevoke, expectedType, expectedUsedTimes, expectedCreatedAt,
-		expectedExpiresAt, strconv.Itoa(int(types.Hash(plain))), expectedUpdatedAt, expectedAutoGroups, true)
+		expectedExpiresAt, key.Id, expectedUpdatedAt, expectedAutoGroups, true)

 }

--- a/management/server/types/setupkey.go
+++ b/management/server/types/setupkey.go
@ -3,13 +3,12 @@ package types
 import (
 	"crypto/sha256"
 	b64 "encoding/base64"
-	"hash/fnv"
-	"strconv"
 	"strings"
 	"time"
 	"unicode/utf8"

 	"github.com/google/uuid"
+	"github.com/rs/xid"

 	"github.com/netbirdio/netbird/management/server/util"
 )
@ -170,7 +169,7 @@ func GenerateSetupKey(name string, t SetupKeyType, validFor time.Duration, autoG
 	encodedHashedKey := b64.StdEncoding.EncodeToString(hashedKey[:])

 	return &SetupKey{
-		Id:                  strconv.Itoa(int(Hash(key))),
+		Id:                  xid.New().String(),
 		Key:                 encodedHashedKey,
 		KeySecret:           HiddenKey(key, 4),
 		Name:                name,
@ -192,12 +191,3 @@ func GenerateDefaultSetupKey() (*SetupKey, string) {
 	return GenerateSetupKey(DefaultSetupKeyName, SetupKeyReusable, DefaultSetupKeyDuration, []string{},
 		SetupKeyUnlimitedUsage, false, false)
 }
-
-func Hash(s string) uint32 {
-	h := fnv.New32a()
-	_, err := h.Write([]byte(s))
-	if err != nil {
-		panic(err)
-	}
-	return h.Sum32()
-}