github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-20 06:02:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

auth: Encode secret in base64url

Browse source 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-26 10:19:12 +01:00
parent 7aeb77b262
commit 563f862846
2 changed files with 6 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/auth/auth.service.ts
View file

@ -70,9 +70,9 @@ export class AuthService {
// base64url is quite easy buildable from base64 // base64url is quite easy buildable from base64
return text return text
.toString('base64') .toString('base64')
.replaceAll(/\+/g, '-') .replace(/\+/g, '-')
.replaceAll(/\//g, '_') .replace(/\//g, '_')
.replaceAll(/=+$/g, ''); .replace(/=+$/, '');
} }
async createTokenForUser( async createTokenForUser(
@ -88,10 +88,9 @@ export class AuthService {
`User '${user.userName}' has already 200 tokens and can't have anymore`, `User '${user.userName}' has already 200 tokens and can't have anymore`,
); );
} }
const secret = await this.randomString(64); const secret = this.BufferToBase64Url(await this.randomString(64));
const keyId = this.BufferToBase64Url(await this.randomString(8)); const keyId = this.BufferToBase64Url(await this.randomString(8));
const accessTokenString = await this.hashPassword(secret.toString()); const accessToken = await this.hashPassword(secret);
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
let token; let token;
// Tokens can only be valid for a maximum of 2 years // Tokens can only be valid for a maximum of 2 years
const maximumTokenValidity = const maximumTokenValidity =

3
tsconfig.json
View file

@ -10,7 +10,6 @@
"sourceMap": true, "sourceMap": true,
"outDir": "./dist", "outDir": "./dist",
"baseUrl": "./", "baseUrl": "./",
"incremental": true, "incremental": true
"lib": ["esnext"]
} }
} }