github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 11:16:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

auth: Encode secret in base64url

Browse source 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-26 10:19:12 +01:00 committed by David Mehren
parent 1791cb7c82
commit 62a5215242
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
2 changed files with 6 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/auth/auth.service.ts
View file

@ -70,9 +70,9 @@ export class AuthService {
// base64url is quite easy buildable from base64
return text
.toString('base64')
.replaceAll(/\+/g, '-')
.replaceAll(/\//g, '_')
.replaceAll(/=+$/g, '');
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
}
async createTokenForUser(
@ -88,10 +88,9 @@ export class AuthService {
`User '${user.userName}' has already 200 tokens and can't have anymore`,
);
}
const secret = await this.randomString(64);
const secret = this.BufferToBase64Url(await this.randomString(64));
const keyId = this.BufferToBase64Url(await this.randomString(8));
const accessTokenString = await this.hashPassword(secret.toString());
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
const accessToken = await this.hashPassword(secret);
let token;
// Tokens can only be valid for a maximum of 2 years
const maximumTokenValidity =

3
tsconfig.json
View file

@ -10,7 +10,6 @@
"sourceMap": true,
"outDir": "./dist",
"baseUrl": "./",
"incremental": true,
"lib": ["esnext"]
"incremental": true
}
}