Switched to nanoid for key generation
To try and prevent any security issues, use an external package to generate the key instead of doing it ourselves. Note: we have to use nanoid version 3 because nanoid version 4 requires ESM. Currently, nanoid v3 is still supported. Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
parent
11fa690e09
commit
669f8700b2
|
@ -45,6 +45,7 @@
|
|||
"mqtt": "~4.3.7",
|
||||
"mssql": "~8.1.4",
|
||||
"mysql2": "~2.3.3",
|
||||
"nanoid": "^3.3.4",
|
||||
"node-cloudflared-tunnel": "~1.0.9",
|
||||
"node-radius-client": "~1.0.0",
|
||||
"nodemailer": "~6.6.5",
|
||||
|
@ -14247,7 +14248,6 @@
|
|||
"version": "3.3.4",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
|
||||
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
|
||||
"dev": true,
|
||||
"bin": {
|
||||
"nanoid": "bin/nanoid.cjs"
|
||||
},
|
||||
|
@ -29825,8 +29825,7 @@
|
|||
"nanoid": {
|
||||
"version": "3.3.4",
|
||||
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
|
||||
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
|
||||
"dev": true
|
||||
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw=="
|
||||
},
|
||||
"native-duplexpair": {
|
||||
"version": "1.0.0",
|
||||
|
|
|
@ -103,6 +103,7 @@
|
|||
"mqtt": "~4.3.7",
|
||||
"mssql": "~8.1.4",
|
||||
"mysql2": "~2.3.3",
|
||||
"nanoid": "^3.3.4",
|
||||
"node-cloudflared-tunnel": "~1.0.9",
|
||||
"node-radius-client": "~1.0.0",
|
||||
"nodemailer": "~6.6.5",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
const { checkLogin } = require("../util-server");
|
||||
const { log } = require("../../src/util");
|
||||
const { R } = require("redbean-node");
|
||||
const crypto = require("crypto");
|
||||
const { nanoid } = require("nanoid");
|
||||
const passwordHash = require("../password-hash");
|
||||
const apicache = require("../modules/apicache");
|
||||
const APIKey = require("../model/api_key");
|
||||
|
@ -17,7 +17,8 @@ module.exports.apiKeySocketHandler = (socket) => {
|
|||
socket.on("addAPIKey", async (key, callback) => {
|
||||
try {
|
||||
checkLogin(socket);
|
||||
let clearKey = crypto.randomBytes(32).toString("base64url");
|
||||
|
||||
let clearKey = nanoid(40);
|
||||
let hashedKey = passwordHash.generate(clearKey);
|
||||
key["key"] = hashedKey;
|
||||
let bean = await APIKey.save(key, socket.userID);
|
||||
|
|
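Review bot: The new `let clearKey = nanoid(40);` line has no comment stating the key strength it relies on, and the swap does not by itself make the key stronger. 40 symbols from nanoid's default 64-character alphabet is about 240 bits, slightly below the 256 bits `crypto.randomBytes(32)` produced, and the `nanoid` entry point in Node draws from the same `crypto` CSPRNG. I would add `// 40 symbols x 6 bits = ~240 bits from the OS CSPRNG; must stay on the default "nanoid" import, never "nanoid/non-secure"` above the call so a later refactor does not weaken it. The `const crypto = require("crypto");` line in the first hunk is kept; the handler continues outside the hunk, so check whether anything still uses it and drop it if not. Because this package now produces credentials, consider pinning it with `~` in the manifest like the neighbouring entries rather than `^3.3.4`.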