refactor(backend): replace rndstr with secureRndstr (#11044)
* refactor(backend): replace rndstr with secureRndstr * Update pnpm-lock.yaml * .js
This commit is contained in:
parent
7bb8c71543
commit
ef354e94f2
|
@ -133,7 +133,6 @@
|
||||||
"redis-lock": "0.1.4",
|
"redis-lock": "0.1.4",
|
||||||
"reflect-metadata": "0.1.13",
|
"reflect-metadata": "0.1.13",
|
||||||
"rename": "1.0.4",
|
"rename": "1.0.4",
|
||||||
"rndstr": "1.0.0",
|
|
||||||
"rss-parser": "3.13.0",
|
"rss-parser": "3.13.0",
|
||||||
"rxjs": "7.8.1",
|
"rxjs": "7.8.1",
|
||||||
"s-age": "1.1.2",
|
"s-age": "1.1.2",
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
|
||||||
export default () => secureRndstr(16, true);
|
export default () => secureRndstr(16);
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
import * as crypto from 'node:crypto';
|
import * as crypto from 'node:crypto';
|
||||||
|
|
||||||
const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
|
export const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
|
||||||
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||||
|
|
||||||
export function secureRndstr(length = 32, useLU = true): string {
|
export function secureRndstr(length = 32, { chars = LU_CHARS } = {}): string {
|
||||||
const chars = useLU ? LU_CHARS : L_CHARS;
|
|
||||||
const chars_len = chars.length;
|
const chars_len = chars.length;
|
||||||
|
|
||||||
let str = '';
|
let str = '';
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import bcrypt from 'bcryptjs';
|
import bcrypt from 'bcryptjs';
|
||||||
import { IsNull } from 'typeorm';
|
import { IsNull } from 'typeorm';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
|
@ -16,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
|
||||||
import { bindThis } from '@/decorators.js';
|
import { bindThis } from '@/decorators.js';
|
||||||
import { SigninService } from './SigninService.js';
|
import { SigninService } from './SigninService.js';
|
||||||
import type { FastifyRequest, FastifyReply } from 'fastify';
|
import type { FastifyRequest, FastifyReply } from 'fastify';
|
||||||
|
import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class SignupApiService {
|
export class SignupApiService {
|
||||||
|
@ -142,7 +142,7 @@ export class SignupApiService {
|
||||||
throw new FastifyReplyError(400, 'DENIED_USERNAME');
|
throw new FastifyReplyError(400, 'DENIED_USERNAME');
|
||||||
}
|
}
|
||||||
|
|
||||||
const code = rndstr('a-z0-9', 16);
|
const code = secureRndstr(16, { chars: L_CHARS });
|
||||||
|
|
||||||
// Generate hash of password
|
// Generate hash of password
|
||||||
const salt = await bcrypt.genSalt(8);
|
const salt = await bcrypt.genSalt(8);
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { Endpoint } from '@/server/api/endpoint-base.js';
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
import type { DriveFilesRepository } from '@/models/index.js';
|
import type { DriveFilesRepository } from '@/models/index.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import bcrypt from 'bcryptjs';
|
import bcrypt from 'bcryptjs';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { Endpoint } from '@/server/api/endpoint-base.js';
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
import type { UsersRepository, UserProfilesRepository } from '@/models/index.js';
|
import type { UsersRepository, UserProfilesRepository } from '@/models/index.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
tags: ['admin'],
|
tags: ['admin'],
|
||||||
|
@ -54,7 +54,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
throw new Error('cannot reset password of root');
|
throw new Error('cannot reset password of root');
|
||||||
}
|
}
|
||||||
|
|
||||||
const passwd = rndstr('a-zA-Z0-9', 8);
|
const passwd = secureRndstr(8);
|
||||||
|
|
||||||
// Generate hash of password
|
// Generate hash of password
|
||||||
const hash = bcrypt.hashSync(passwd);
|
const hash = bcrypt.hashSync(passwd);
|
||||||
|
|
|
@ -44,7 +44,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
) {
|
) {
|
||||||
super(meta, paramDef, async (ps, me) => {
|
super(meta, paramDef, async (ps, me) => {
|
||||||
// Generate secret
|
// Generate secret
|
||||||
const secret = secureRndstr(32, true);
|
const secret = secureRndstr(32);
|
||||||
|
|
||||||
// for backward compatibility
|
// for backward compatibility
|
||||||
const permission = unique(ps.permission.map(v => v.replace(/^(.+)(\/|-)(read|write)$/, '$3:$1')));
|
const permission = unique(ps.permission.map(v => v.replace(/^(.+)(\/|-)(read|write)$/, '$3:$1')));
|
||||||
|
|
|
@ -55,7 +55,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
throw new ApiError(meta.errors.noSuchSession);
|
throw new ApiError(meta.errors.noSuchSession);
|
||||||
}
|
}
|
||||||
|
|
||||||
const accessToken = secureRndstr(32, true);
|
const accessToken = secureRndstr(32);
|
||||||
|
|
||||||
// Fetch exist access token
|
// Fetch exist access token
|
||||||
const exist = await this.accessTokensRepository.findOneBy({
|
const exist = await this.accessTokensRepository.findOneBy({
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import ms from 'ms';
|
import ms from 'ms';
|
||||||
import bcrypt from 'bcryptjs';
|
import bcrypt from 'bcryptjs';
|
||||||
import { Endpoint } from '@/server/api/endpoint-base.js';
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
|
@ -9,6 +8,7 @@ import { EmailService } from '@/core/EmailService.js';
|
||||||
import type { Config } from '@/config.js';
|
import type { Config } from '@/config.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
import { GlobalEventService } from '@/core/GlobalEventService.js';
|
import { GlobalEventService } from '@/core/GlobalEventService.js';
|
||||||
|
import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
import { ApiError } from '../../error.js';
|
import { ApiError } from '../../error.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
|
@ -94,7 +94,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
this.globalEventService.publishMainStream(me.id, 'meUpdated', iObj);
|
this.globalEventService.publishMainStream(me.id, 'meUpdated', iObj);
|
||||||
|
|
||||||
if (ps.email != null) {
|
if (ps.email != null) {
|
||||||
const code = rndstr('a-z0-9', 16);
|
const code = secureRndstr(16, { chars: L_CHARS });
|
||||||
|
|
||||||
await this.userProfilesRepository.update(me.id, {
|
await this.userProfilesRepository.update(me.id, {
|
||||||
emailVerifyCode: code,
|
emailVerifyCode: code,
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
import { Endpoint } from '@/server/api/endpoint-base.js';
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
import type { RegistrationTicketsRepository } from '@/models/index.js';
|
import type { RegistrationTicketsRepository } from '@/models/index.js';
|
||||||
import { IdService } from '@/core/IdService.js';
|
import { IdService } from '@/core/IdService.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
tags: ['meta'],
|
tags: ['meta'],
|
||||||
|
@ -42,9 +42,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
private idService: IdService,
|
private idService: IdService,
|
||||||
) {
|
) {
|
||||||
super(meta, paramDef, async (ps, me) => {
|
super(meta, paramDef, async (ps, me) => {
|
||||||
const code = rndstr({
|
const code = secureRndstr(8, {
|
||||||
length: 8,
|
chars: '23456789ABCDEFGHJKLMNPQRSTUVWXYZ', // [0-9A-Z] w/o [01IO] (32 patterns)
|
||||||
chars: '2-9A-HJ-NP-Z', // [0-9A-Z] w/o [01IO] (32 patterns)
|
|
||||||
});
|
});
|
||||||
|
|
||||||
await this.registrationTicketsRepository.insert({
|
await this.registrationTicketsRepository.insert({
|
||||||
|
|
|
@ -49,7 +49,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
) {
|
) {
|
||||||
super(meta, paramDef, async (ps, me) => {
|
super(meta, paramDef, async (ps, me) => {
|
||||||
// Generate access token
|
// Generate access token
|
||||||
const accessToken = secureRndstr(32, true);
|
const accessToken = secureRndstr(32);
|
||||||
|
|
||||||
const now = new Date();
|
const now = new Date();
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import ms from 'ms';
|
import ms from 'ms';
|
||||||
import { IsNull } from 'typeorm';
|
import { IsNull } from 'typeorm';
|
||||||
import { Inject, Injectable } from '@nestjs/common';
|
import { Inject, Injectable } from '@nestjs/common';
|
||||||
|
@ -8,6 +7,7 @@ import { IdService } from '@/core/IdService.js';
|
||||||
import type { Config } from '@/config.js';
|
import type { Config } from '@/config.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
import { EmailService } from '@/core/EmailService.js';
|
import { EmailService } from '@/core/EmailService.js';
|
||||||
|
import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
tags: ['reset password'],
|
tags: ['reset password'],
|
||||||
|
@ -77,7 +77,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = rndstr('a-z0-9', 64);
|
const token = secureRndstr(64, { chars: L_CHARS });
|
||||||
|
|
||||||
await this.passwordResetRequestsRepository.insert({
|
await this.passwordResetRequestsRepository.insert({
|
||||||
id: this.idService.genId(),
|
id: this.idService.genId(),
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
process.env.NODE_ENV = 'test';
|
process.env.NODE_ENV = 'test';
|
||||||
|
|
||||||
import * as assert from 'assert';
|
import * as assert from 'assert';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { loadConfig } from '@/config.js';
|
import { loadConfig } from '@/config.js';
|
||||||
import { User, UsersRepository } from '@/models/index.js';
|
import { User, UsersRepository } from '@/models/index.js';
|
||||||
import { jobQueue } from '@/boot/common.js';
|
import { jobQueue } from '@/boot/common.js';
|
||||||
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
import { uploadFile, signup, startServer, initTestDb, api, sleep, successfulApiCall } from '../utils.js';
|
import { uploadFile, signup, startServer, initTestDb, api, sleep, successfulApiCall } from '../utils.js';
|
||||||
import type { INestApplicationContext } from '@nestjs/common';
|
import type { INestApplicationContext } from '@nestjs/common';
|
||||||
import type * as misskey from 'misskey-js';
|
import type * as misskey from 'misskey-js';
|
||||||
|
@ -163,7 +163,7 @@ describe('Account Move', () => {
|
||||||
alsoKnownAs: [`@alice@${url.hostname}`],
|
alsoKnownAs: [`@alice@${url.hostname}`],
|
||||||
}, root);
|
}, root);
|
||||||
const listRoot = await api('/users/lists/create', {
|
const listRoot = await api('/users/lists/create', {
|
||||||
name: rndstr('0-9a-z', 8),
|
name: secureRndstr(8),
|
||||||
}, root);
|
}, root);
|
||||||
await api('/users/lists/push', {
|
await api('/users/lists/push', {
|
||||||
listId: listRoot.body.id,
|
listId: listRoot.body.id,
|
||||||
|
@ -177,9 +177,9 @@ describe('Account Move', () => {
|
||||||
userId: eve.id,
|
userId: eve.id,
|
||||||
}, alice);
|
}, alice);
|
||||||
const antenna = await api('/antennas/create', {
|
const antenna = await api('/antennas/create', {
|
||||||
name: rndstr('0-9a-z', 8),
|
name: secureRndstr(8),
|
||||||
src: 'home',
|
src: 'home',
|
||||||
keywords: [rndstr('0-9a-z', 8)],
|
keywords: [secureRndstr(8)],
|
||||||
excludeKeywords: [],
|
excludeKeywords: [],
|
||||||
users: [],
|
users: [],
|
||||||
caseSensitive: false,
|
caseSensitive: false,
|
||||||
|
@ -211,7 +211,7 @@ describe('Account Move', () => {
|
||||||
userId: dave.id,
|
userId: dave.id,
|
||||||
}, eve);
|
}, eve);
|
||||||
const listEve = await api('/users/lists/create', {
|
const listEve = await api('/users/lists/create', {
|
||||||
name: rndstr('0-9a-z', 8),
|
name: secureRndstr(8),
|
||||||
}, eve);
|
}, eve);
|
||||||
await api('/users/lists/push', {
|
await api('/users/lists/push', {
|
||||||
listId: listEve.body.id,
|
listId: listEve.body.id,
|
||||||
|
@ -420,9 +420,9 @@ describe('Account Move', () => {
|
||||||
test('Prohibit access after moving: /antennas/update', async () => {
|
test('Prohibit access after moving: /antennas/update', async () => {
|
||||||
const res = await api('/antennas/update', {
|
const res = await api('/antennas/update', {
|
||||||
antennaId,
|
antennaId,
|
||||||
name: rndstr('0-9a-z', 8),
|
name: secureRndstr(8),
|
||||||
src: 'users',
|
src: 'users',
|
||||||
keywords: [rndstr('0-9a-z', 8)],
|
keywords: [secureRndstr(8)],
|
||||||
excludeKeywords: [],
|
excludeKeywords: [],
|
||||||
users: [eve.id],
|
users: [eve.id],
|
||||||
caseSensitive: false,
|
caseSensitive: false,
|
||||||
|
|
|
@ -4,7 +4,6 @@ import { jest } from '@jest/globals';
|
||||||
import { ModuleMocker } from 'jest-mock';
|
import { ModuleMocker } from 'jest-mock';
|
||||||
import { Test } from '@nestjs/testing';
|
import { Test } from '@nestjs/testing';
|
||||||
import * as lolex from '@sinonjs/fake-timers';
|
import * as lolex from '@sinonjs/fake-timers';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { GlobalModule } from '@/GlobalModule.js';
|
import { GlobalModule } from '@/GlobalModule.js';
|
||||||
import { RoleService } from '@/core/RoleService.js';
|
import { RoleService } from '@/core/RoleService.js';
|
||||||
import type { Role, RolesRepository, RoleAssignmentsRepository, UsersRepository, User } from '@/models/index.js';
|
import type { Role, RolesRepository, RoleAssignmentsRepository, UsersRepository, User } from '@/models/index.js';
|
||||||
|
@ -14,6 +13,7 @@ import { genAid } from '@/misc/id/aid.js';
|
||||||
import { CacheService } from '@/core/CacheService.js';
|
import { CacheService } from '@/core/CacheService.js';
|
||||||
import { IdService } from '@/core/IdService.js';
|
import { IdService } from '@/core/IdService.js';
|
||||||
import { GlobalEventService } from '@/core/GlobalEventService.js';
|
import { GlobalEventService } from '@/core/GlobalEventService.js';
|
||||||
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
import { sleep } from '../utils.js';
|
import { sleep } from '../utils.js';
|
||||||
import type { TestingModule } from '@nestjs/testing';
|
import type { TestingModule } from '@nestjs/testing';
|
||||||
import type { MockFunctionMetadata } from 'jest-mock';
|
import type { MockFunctionMetadata } from 'jest-mock';
|
||||||
|
@ -30,7 +30,7 @@ describe('RoleService', () => {
|
||||||
let clock: lolex.InstalledClock;
|
let clock: lolex.InstalledClock;
|
||||||
|
|
||||||
function createUser(data: Partial<User> = {}) {
|
function createUser(data: Partial<User> = {}) {
|
||||||
const un = rndstr('a-z0-9', 16);
|
const un = secureRndstr(16);
|
||||||
return usersRepository.insert({
|
return usersRepository.insert({
|
||||||
id: genAid(new Date()),
|
id: genAid(new Date()),
|
||||||
createdAt: new Date(),
|
createdAt: new Date(),
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
process.env.NODE_ENV = 'test';
|
process.env.NODE_ENV = 'test';
|
||||||
|
|
||||||
import * as assert from 'assert';
|
import * as assert from 'assert';
|
||||||
import rndstr from 'rndstr';
|
|
||||||
import { Test } from '@nestjs/testing';
|
import { Test } from '@nestjs/testing';
|
||||||
import { jest } from '@jest/globals';
|
import { jest } from '@jest/globals';
|
||||||
|
|
||||||
|
@ -13,13 +12,14 @@ import { CoreModule } from '@/core/CoreModule.js';
|
||||||
import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
|
import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
|
||||||
import { LoggerService } from '@/core/LoggerService.js';
|
import { LoggerService } from '@/core/LoggerService.js';
|
||||||
import type { IActor } from '@/core/activitypub/type.js';
|
import type { IActor } from '@/core/activitypub/type.js';
|
||||||
import { MockResolver } from '../misc/mock-resolver.js';
|
|
||||||
import { Note } from '@/models/index.js';
|
import { Note } from '@/models/index.js';
|
||||||
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
|
import { MockResolver } from '../misc/mock-resolver.js';
|
||||||
|
|
||||||
const host = 'https://host1.test';
|
const host = 'https://host1.test';
|
||||||
|
|
||||||
function createRandomActor(): IActor & { id: string } {
|
function createRandomActor(): IActor & { id: string } {
|
||||||
const preferredUsername = `${rndstr('A-Z', 4)}${rndstr('a-z', 4)}`;
|
const preferredUsername = secureRndstr(8);
|
||||||
const actorId = `${host}/users/${preferredUsername.toLowerCase()}`;
|
const actorId = `${host}/users/${preferredUsername.toLowerCase()}`;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
@ -61,7 +61,7 @@ describe('ActivityPub', () => {
|
||||||
|
|
||||||
const post = {
|
const post = {
|
||||||
'@context': 'https://www.w3.org/ns/activitystreams',
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
||||||
id: `${host}/users/${rndstr('0-9a-z', 8)}`,
|
id: `${host}/users/${secureRndstr(8)}`,
|
||||||
type: 'Note',
|
type: 'Note',
|
||||||
attributedTo: actor.id,
|
attributedTo: actor.id,
|
||||||
to: 'https://www.w3.org/ns/activitystreams#Public',
|
to: 'https://www.w3.org/ns/activitystreams#Public',
|
||||||
|
@ -94,7 +94,7 @@ describe('ActivityPub', () => {
|
||||||
test('Truncate long name', async () => {
|
test('Truncate long name', async () => {
|
||||||
const actor = {
|
const actor = {
|
||||||
...createRandomActor(),
|
...createRandomActor(),
|
||||||
name: rndstr('0-9a-z', 129),
|
name: secureRndstr(129),
|
||||||
};
|
};
|
||||||
|
|
||||||
resolver._register(actor.id, actor);
|
resolver._register(actor.id, actor);
|
||||||
|
|
|
@ -314,9 +314,6 @@ importers:
|
||||||
rename:
|
rename:
|
||||||
specifier: 1.0.4
|
specifier: 1.0.4
|
||||||
version: 1.0.4
|
version: 1.0.4
|
||||||
rndstr:
|
|
||||||
specifier: 1.0.0
|
|
||||||
version: 1.0.0
|
|
||||||
rss-parser:
|
rss-parser:
|
||||||
specifier: 3.13.0
|
specifier: 3.13.0
|
||||||
version: 3.13.0
|
version: 3.13.0
|
||||||
|
|
Loading…
Reference in a new issue