Skip to main content

ito_core/
token.rs

1//! Cryptographic token generation for backend server authentication.
2//!
3//! Produces URL-safe base64-encoded random strings suitable for use as admin
4//! tokens and HMAC token seeds.
5
6use base64::Engine;
7use base64::engine::general_purpose::URL_SAFE_NO_PAD;
8use rand::Rng;
9
10/// Minimum entropy in bytes for generated tokens.
11const TOKEN_ENTROPY_BYTES: usize = 32;
12
13/// Generate a cryptographically random URL-safe base64 token.
14///
15/// The token contains at least 32 bytes of entropy from the OS CSPRNG,
16/// encoded as URL-safe base64 (no padding). This produces a 43-character
17/// string.
18pub fn generate_token() -> String {
19    let mut bytes = [0u8; TOKEN_ENTROPY_BYTES];
20    rand::rng().fill(&mut bytes);
21    URL_SAFE_NO_PAD.encode(bytes)
22}
23
24#[cfg(test)]
25#[path = "token_tests.rs"]
26mod token_tests;