self-hosted/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2025-06-27 00:51:30 +02:00
Code Issues Actions 5 Releases Activity

Switched to crypto.randomBytes fpr key generation

Browse Source 
Keys are now 32 bytes long encoded in a URL safe base64 string

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
This commit is contained in:
Matthew Nickson
2023-02-26 16:47:34 +00:00
parent b8720b46c3
commit 42a69c16ca
2 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/socket-handlers/api-key-socket-handler.js
View File

@ -17,7 +17,7 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("addAPIKey", async (key, callback) => {
try {
checkLogin(socket);
let clearKey = crypto.randomUUID();
let clearKey = crypto.randomBytes(32).toString("base64url");
let hashedKey = passwordHash.generate(clearKey);
key["key"] = hashedKey;
let bean = await APIKey.save(key, socket.userID);
@ -25,9 +25,9 @@ module.exports.apiKeySocketHandler = (socket) => {
log.debug("apikeys", "Added API Key");
log.debug("apikeys", key);
// Append key ID to start of key seperated by -, used to get
// Append key ID and prefix to start of key seperated by _, used to get
// correct hash when validating key.
let formattedKey = bean.id + "-" + clearKey;
let formattedKey = "uk" + bean.id + "_" + clearKey;
await sendAPIKeyList(socket);
// Enable API auth if the user creates a key, otherwise only basic