feat: switch to md5 + timestamp

MD5 will make the token shorter. The timestamp will help to prevent
collisions since the tokens must be generated at the same nanosecond
(assuming the md5 sum generates the same hash, which is unlikely).

Using MD5 shouldn't be a security issue. The "real" access token is
already encrypted, and it's visible and accessible if short tokens
aren't used.

services/collaboration/pkg/middleware/wopicontext.go

@@ -2,11 +2,12 @@ package middleware
 
 import (
 	"context"
-	"crypto/sha256"
+	"crypto/md5"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
@@ -213,9 +214,9 @@ func GenerateWopiToken(wopiContext WopiContext, cfg *config.Config, st microstor
 	accessToken, err := token.SignedString([]byte(cfg.Wopi.Secret))
 
 	if cfg.Wopi.ShortTokens {
-		c := sha256.New()
+		c := md5.New()
 		c.Write([]byte(accessToken))
-		shortAccessToken := hex.EncodeToString(c.Sum(nil))
+		shortAccessToken := hex.EncodeToString(c.Sum(nil)) + strconv.FormatInt(time.Now().UnixNano(), 16)
 
 		errWrite := st.Write(&microstore.Record{
 			Key:    shortAccessToken,