frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Replace Math.random with crypto.getBytes for session tokens

This commit is contained in:
Nick O'Leary 2020-09-11 14:09:54 +01:00
parent baffe4861c
commit 70b6674f44
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 6 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
packages/node_modules/@node-red/editor-api/lib/auth/tokens.js vendored
View File

@ -14,15 +14,7 @@
* limitations under the License.
**/
function generateToken(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
const crypto = require("crypto");
var storage;
var sessionExpiryTime
@ -115,7 +107,7 @@ module.exports = {
},
create: function(user,client,scope) {
return loadSessions().then(function() {
var accessToken = generateToken(128);
var accessToken = crypto.randomBytes(128).toString('base64');
var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);

11
packages/node_modules/@node-red/editor-api/lib/editor/comms.js vendored
View File

@ -16,6 +16,7 @@
var ws = require("ws");
var url = require("url");
const crypto = require("crypto");
var log = require("@node-red/util").log; // TODO: separate module
var Tokens;
@ -56,17 +57,9 @@ function handleSessionExpiry(session) {
}
})
}
function generateSession(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
function CommsConnection(ws, user) {
this.session = generateSession(32);
this.session = crypto.randomBytes(32).toString('base64');
this.ws = ws;
this.stack = [];
this.user = user;

3
packages/node_modules/@node-red/runtime/lib/storage/localfilesystem/projects/git/authServer.js vendored
View File

@ -18,9 +18,10 @@ var net = require("net");
var fs = require("fs-extra");
var path = require("path");
var os = require("os");
const crypto = require("crypto");
function getListenPath() {
var seed = (0x100000+Math.random()*0x999999).toString(16);
var seed = crypto.randomBytes(8).toString('hex');
var fn = 'node-red-git-askpass-'+seed+'-sock';
var listenPath;
if (process.platform === 'win32') {