github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity
overleaf/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
Simon Detheridge 7dcc807caf Merge pull request #1479 from sharelatex/sk-check-read-token-against-v1 
Check generated read-tokens against v1

GitOrigin-RevId: 15749a41a295c0401b0a39968f2c3657f8abebb8
2019-02-11 11:42:29 +00:00

66 lines
2.2 KiB
CoffeeScript
Raw Blame History

crypto = require 'crypto'
V1Api = require('../V1/V1Api')
Async = require('async')
logger = require('logger-sharelatex')
# This module mirrors the token generation in Overleaf (`random_token.rb`),
# for the purposes of implementing token-based project access, like the
# 'unlisted-projects' feature in Overleaf
module.exports = ProjectTokenGenerator =
# (From Overleaf `random_token.rb`)
# Letters (not numbers! see generate_token) used in tokens. They're all
# consonants, to avoid embarassing words (I can't think of any that use only
# a y), and lower case "l" is omitted, because in many fonts it is
# indistinguishable from an upper case "I" (and sometimes even the number 1).
TOKEN_ALPHA: 'bcdfghjkmnpqrstvwxyz'
TOKEN_NUMERICS: '123456789'
_randomString: (length, alphabet) ->
result = crypto.randomBytes(length).toJSON().data.map(
(b) -> alphabet[b % alphabet.length]
).join('')
return result
# Generate a 12-char token with only characters from TOKEN_ALPHA,
# suitable for use as a read-only token for a project
readOnlyToken: () ->
return ProjectTokenGenerator._randomString(
12,
ProjectTokenGenerator.TOKEN_ALPHA
)
# Generate a longer token, with a numeric prefix,
# suitable for use as a read-and-write token for a project
readAndWriteToken: () ->
numerics = ProjectTokenGenerator._randomString(
10,
ProjectTokenGenerator.TOKEN_NUMERICS
)
token = ProjectTokenGenerator._randomString(
12,
ProjectTokenGenerator.TOKEN_ALPHA
)
fullToken = "#{numerics}#{token}"
return fullToken
generateUniqueReadOnlyToken: (callback=(err, token)->) ->
Async.retry 10
, (cb) ->
token = ProjectTokenGenerator.readOnlyToken()
logger.log {token}, "Generated read-only token"
V1Api.request {
url: "/api/v1/sharelatex/docs/read_token/#{token}/exists",
json: true
}, (err, response, body) ->
return cb(err) if err?
if response.statusCode != 200
return cb(new Error("non-200 response from v1 read-token-exists api: #{response.statusCode}"))
if body.exists == true
cb(new Error("token already exists in v1: #{token}"))
else
logger.log {token}, "Read-only token does not exist in v1, good to use"
cb(null, token)
, callback
Reference in a new issue View git blame Copy permalink