frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace Math.random with crypto.getBytes for session tokens

Browse Source
This commit is contained in:
Nick O'Leary
2020-09-11 14:09:54 +01:00
parent baffe4861c
commit 70b6674f44
3 changed files with 6 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
packages/node_modules/@node-red/editor-api/lib/auth/tokens.js vendored
View File

@@ -14,15 +14,7 @@
* limitations under the License.
**/
function generateToken(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
const crypto = require("crypto");
var storage;
var sessionExpiryTime
@@ -115,7 +107,7 @@ module.exports = {
},
create: function(user,client,scope) {
return loadSessions().then(function() {
var accessToken = generateToken(128);
var accessToken = crypto.randomBytes(128).toString('base64');
var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);