use cryptographically secure random bytes instead of uuid

Lara 2024-11-02 17:03:32 +02:00
parent 536e0690ae
commit ca31bba520
Signed by: laratheprotogen
GPG key ID: 5C0296EB3165F98B


@ -7,6 +7,7 @@ import { DAYS, DBDateFormat } from "../utils";
import { BaseRepository } from "./BaseRepository"; import { BaseRepository } from "./BaseRepository";
import { dataSource } from "./dataSource"; import { dataSource } from "./dataSource";
import { ApiLogin } from "./entities/ApiLogin"; import { ApiLogin } from "./entities/ApiLogin";
import { randomBytes } from "node:crypto";
const LOGIN_EXPIRY_TIME = 1 * DAYS; const LOGIN_EXPIRY_TIME = 1 * DAYS;
@ -48,7 +49,7 @@ export class ApiLogins extends BaseRepository {
// Generate random login id // Generate random login id
let loginId; let loginId;
while (true) { while (true) {
loginId = uuidv4(); loginId = randomBytes(64).toString("hex");
const existing = await this.apiLogins.findOne({ const existing = await this.apiLogins.findOne({
where: { where: {
id: loginId, id: loginId,
@ -58,7 +59,7 @@ export class ApiLogins extends BaseRepository {
} }
// Generate token // Generate token
const token = uuidv4(); const token = randomBytes(64).toString("hex");
const hash = crypto.createHash("sha256"); const hash = crypto.createHash("sha256");
hash.update(loginId + token); // Use loginId as a salt hash.update(loginId + token); // Use loginId as a salt
const hashedToken = hash.digest("hex"); const hashedToken = hash.digest("hex");
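Review bot: Both values grow from a 36-character UUID to 128 hex characters (`randomBytes(64).toString("hex")` for `loginId` and for `token`), and this commit shows no change to the `ApiLogin` entity or a migration, so the width of the `id` column should be confirmed before this ships. If that column is sized for UUIDs, inserts would fail, or under a non-strict SQL mode the stored id would be truncated and no longer match the `loginId` fed into `hash.update(loginId + token)` as the salt. Any code that parses or validates API keys by UUID shape would need the same check; none of it is visible here. As a style point, the file already uses `crypto.createHash`, so `crypto.randomBytes(64)` would avoid the extra named import, and the `uuidv4` import above the first hunk looks unused now unless other code in the file still calls it. The enclosing method begins and ends outside the hunks.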