fix code review findings

2026-05-08 16:47:46 +02:00 · 2025-12-23 13:25:56 +01:00
parent 6ac2155c5e
commit 098d9c45c4
4 changed files with 55 additions and 18 deletions
--- a/model/session.go
+++ b/model/session.go
@@ -95,14 +95,14 @@ func (s *Session) GetPoints(since float64) [][]any {
 	if since <= 0 {
 		return s.data.Points
 	}
-	timeIdx := 2
+	// encrypted sessions have opaque timestamps - can't filter server-side
 	if s.data.Encrypted {
-		timeIdx = 3
+		return s.data.Points
 	}
 	var pts [][]any
 	for _, p := range s.data.Points {
-		if len(p) > timeIdx {
-			if t, ok := p[timeIdx].(float64); ok && t > since {
+		if len(p) > 2 {
+			if t, ok := p[2].(float64); ok && t > since {
 				pts = append(pts, p)
 			}
 		}
--- a/model/share.go
+++ b/model/share.go
@@ -2,7 +2,8 @@ package model

 import (
 	"context"
-	"math/rand"
+	"crypto/rand"
+	"encoding/binary"
 	"strconv"
 	"time"

@@ -97,7 +98,7 @@ func NewGroupShare(s store.Store, publicURL string, linkGen func() (string, erro
 	if err != nil {
 		return nil, err
 	}
-	pin := GroupPinMin + rand.Intn(GroupPinMax-GroupPinMin+1)
+	pin := GroupPinMin + cryptoRandInt(GroupPinMax-GroupPinMin+1)
 	return &GroupShare{
 		store:     s,
 		id:        id,
@@ -201,3 +202,9 @@ func LoadShareType(ctx context.Context, s store.Store, id string) (int, error) {
 	}
 	return st.Type, nil
 }
+
+func cryptoRandInt(max int) int {
+	var b [8]byte
+	rand.Read(b[:])
+	return int(binary.LittleEndian.Uint64(b[:]) % uint64(max))
+}