frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace Math.random with crypto.getBytes for session tokens

Browse Source
This commit is contained in:
Nick O'Leary
2020-09-11 14:09:54 +01:00
parent baffe4861c
commit 70b6674f44
3 changed files with 6 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/node_modules/@node-red/editor-api/lib/editor/comms.js vendored
View File

@@ -16,6 +16,7 @@
var ws = require("ws");
var url = require("url");
const crypto = require("crypto");
var log = require("@node-red/util").log; // TODO: separate module
var Tokens;
@@ -56,17 +57,9 @@ function handleSessionExpiry(session) {
}
})
}
function generateSession(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
function CommsConnection(ws, user) {
this.session = generateSession(32);
this.session = crypto.randomBytes(32).toString('base64');
this.ws = ws;
this.stack = [];
this.user = user;