mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-01-11 01:52:21 +00:00
auth: Encode secret in base64url
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
7aeb77b262
commit
563f862846
2 changed files with 6 additions and 8 deletions
|
@ -70,9 +70,9 @@ export class AuthService {
|
|||
// base64url is quite easy buildable from base64
|
||||
return text
|
||||
.toString('base64')
|
||||
.replaceAll(/\+/g, '-')
|
||||
.replaceAll(/\//g, '_')
|
||||
.replaceAll(/=+$/g, '');
|
||||
.replace(/\+/g, '-')
|
||||
.replace(/\//g, '_')
|
||||
.replace(/=+$/, '');
|
||||
}
|
||||
|
||||
async createTokenForUser(
|
||||
|
@ -88,10 +88,9 @@ export class AuthService {
|
|||
`User '${user.userName}' has already 200 tokens and can't have anymore`,
|
||||
);
|
||||
}
|
||||
const secret = await this.randomString(64);
|
||||
const secret = this.BufferToBase64Url(await this.randomString(64));
|
||||
const keyId = this.BufferToBase64Url(await this.randomString(8));
|
||||
const accessTokenString = await this.hashPassword(secret.toString());
|
||||
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
|
||||
const accessToken = await this.hashPassword(secret);
|
||||
let token;
|
||||
// Tokens can only be valid for a maximum of 2 years
|
||||
const maximumTokenValidity =
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
"sourceMap": true,
|
||||
"outDir": "./dist",
|
||||
"baseUrl": "./",
|
||||
"incremental": true,
|
||||
"lib": ["esnext"]
|
||||
"incremental": true
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue