How to generate a random url safe string with Elixir

Solution 1

What you can do instead is to generate a Base64-encoded string to be used as a confirmation token. This confirmation token will then be saved to your DB and passed as params to the activation link. Your activation url would look something like:

activation_url(MyApp.Endpoint, :confirm, confirm_id: confirm_id)

The above url helper assumes you have a MyApp.ActivationController and a confirm/2 action in that controller. To generate the confirm_id, you could do:

def random_string(length) do
  :crypto.strong_rand_bytes(length) |> Base.url_encode64 |> binary_part(0, length)
end

# random_string(64)

In your MyApp.ActivationController.confirm/2, you could have code lik:

def confirm(conn, %{"confirm_id" => confirm_id}) do
  user = Repo.get_by(User, confirm_id: confirm_id)
  User.confirm(user)
  conn
  |> put_flash(:info, "Account confirmed!")
  |> redirect(to: "/")
end

Hope that helps!

Solution 2

You can easily define a module to do this. In this example, @chars determines what characters appear in your generated strings.

defmodule StringGenerator do
  @chars "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |> String.split("")

  def string_of_length(length) do
    Enum.reduce((1..length), [], fn (_i, acc) ->
      [Enum.random(@chars) | acc]
    end) |> Enum.join("")
  end
end

StringGenerator.string_of_length(3) # => "YCZ"

Solution 3

As noted in @JimGray's comment, your specification should really be in terms of the amount of entropy you want to represent by the random URL safe strings. Something along the lines of "I need N bits" because someone told you to use N bits, or "I want to avoid repeat in N strings and I can accept a risk of 1 in n of a collision". Either way, it's directly about entropy and only indirectly about string length.

For example, be sure that if you use a solution like @Gjaldon' answer you understand even though 512 bits of randomness is used, the amount of entropy for the actual string generated by random_string(64) is 320 bits. Whether that's sufficient is of course dependent on your scenario, which as noted above is probably best expressed as, for example, "I need a million strings with no more than a 1 in a trillion risk of repeat", in which case 320 bits is gross overkill as you'd only need 79.

If you want more control and understanding of generating random strings, look at EntropyString. With that library, you could do something like the following to get a string with 256 bits of entropy:

iex> defmodule Id, do: use EntropyString, charset: charset64
iex> Id.token
"ziKYK7t5LzVYn5XiJ_jYh30KxCCsLorRXqLwwEnZYHJ"

Or if you realize a million strings with a repeat risk of 1 in a trillion is sufficient, you could set up your Id generation like:

iex> defmodule Id do
...>   use EntropyString, charset: charset64
...>   @bits entropy_bits(1.0e6, 1.0e12)
...>   def random, do: Id.random_string(@bits)
...> end
iex> Id.random
"FhlGVXOaXV9f3f"

Either way, control and understanding are nice things to have.

Related videos on Youtube

05 : 11

SEO Friendly URLs with Phoenix

Elixir Casts

740

24 : 18

Encrypting Personal Data with Elixir and Cloak Ecto

Peter and Code

649

02 : 20

Using the Erlang crypto library in your Phoenix app to generate random URL safe strings.

Phoenix by Example

142

07 : 30

URL [Slug Generator] With Elixir

Elixirprogrammer

132

14 : 14

Random String Generator Java

UniProgrammer

61

06 : 09

How to Generate a RANDOM STRING in JavaScript and HTML

{RhymBil}

11

02 : 57

Java Program That Generate Random String

Java Hub

1

28 : 59

How to write a Web Server in Elixir

Code, Please!

1

Author by

NoDisplayName

Updated on November 16, 2020