self-hosted/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2025-06-27 00:51:30 +02:00
Code Issues Actions 5 Releases Activity

Switched to nanoid for key generation

Browse Source 
To try and prevent any security issues, use an external package to
generate key instead of doing it ourselves. Note: we have to use nanoid
version 3 as nanoid version 4 requires ESM. Currently, nanoid v3 is
still supported.

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
This commit is contained in:
Matthew Nickson
2023-02-26 19:36:50 +00:00
parent 11fa690e09
commit 669f8700b2
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/socket-handlers/api-key-socket-handler.js
View File

@ -1,7 +1,7 @@
const { checkLogin } = require("../util-server");
const { log } = require("../../src/util");
const { R } = require("redbean-node");
const crypto = require("crypto");
const { nanoid } = require("nanoid");
const passwordHash = require("../password-hash");
const apicache = require("../modules/apicache");
const APIKey = require("../model/api_key");
@ -17,7 +17,8 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("addAPIKey", async (key, callback) => {
try {
checkLogin(socket);
let clearKey = crypto.randomBytes(32).toString("base64url");
let clearKey = nanoid(40);
let hashedKey = passwordHash.generate(clearKey);
key["key"] = hashedKey;
let bean = await APIKey.save(key, socket.userID);