github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-21 20:47:08 -05:00
Code Issues Projects Releases Packages Wiki Activity

Refactor token generator, and use crypto for numerics

Browse source
This commit is contained in:
Shane Kilkelly 2017-10-26 16:01:53 +01:00
parent d2a17c2745
commit 18443b55cb
1 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
View file

@ -12,19 +12,33 @@ module.exports = ProjectTokenGenerator =
# a y), and lower case "l" is omitted, because in many fonts it is # a y), and lower case "l" is omitted, because in many fonts it is
# indistinguishable from an upper case "I" (and sometimes even the number 1). # indistinguishable from an upper case "I" (and sometimes even the number 1).
TOKEN_ALPHA: 'bcdfghjkmnpqrstvwxyz' TOKEN_ALPHA: 'bcdfghjkmnpqrstvwxyz'
TOKEN_NUMERICS: '123456789'
_randomString: (length, alphabet) ->
result = ''
crypto.randomBytes(length).map(
(b) -> result += alphabet[b % alphabet.length]
)
return result
# Generate a 12-char token with only characters from TOKEN_ALPHA, # Generate a 12-char token with only characters from TOKEN_ALPHA,
# suitable for use as a read-only token for a project # suitable for use as a read-only token for a project
readOnlyToken: () -> readOnlyToken: () ->
length = 12 return ProjectTokenGenerator._randomString(
tokenAlpha = ProjectTokenGenerator.TOKEN_ALPHA 12,
result = '' ProjectTokenGenerator.TOKEN_ALPHA
crypto.randomBytes(length).map( (a) -> result += tokenAlpha[a % tokenAlpha.length] ) )
return result
# Generate a longer token, with a numeric prefix, # Generate a longer token, with a numeric prefix,
# suitable for use as a read-and-write token for a project # suitable for use as a read-and-write token for a project
readAndWriteToken: () -> readAndWriteToken: () ->
numerics = Math.random().toString().slice(2, 12) numerics = ProjectTokenGenerator._randomString(
token = ProjectTokenGenerator.readOnlyToken() 10,
return "#{numerics}#{token}" ProjectTokenGenerator.TOKEN_NUMERICS
)
token = ProjectTokenGenerator._randomString(
12,
ProjectTokenGenerator.TOKEN_ALPHA
)
fullToken = "#{numerics}#{token}"
return fullToken