Self-Hosted
/
uptime-kuma
mirror of https://github.com/louislam/uptime-kuma
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Switched to nanoid for key generation

Browse Source 
To try and prevent any security issues, use an external package to
generate key instead of doing it ourselves. Note: we have to use nanoid
version 3 as nanoid version 4 requires ESM. Currently, nanoid v3 is
still supported.

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
pull/2558/head
Matthew Nickson 2 years ago
parent 11fa690e09
commit 669f8700b2
No known key found for this signature in database
GPG Key ID: BF229DCFD4748E05
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File

5
package-lock.json generated
Unescape View File

@ -45,6 +45,7 @@
"mqtt": "~4.3.7", "mqtt": "~4.3.7",
"mssql": "~8.1.4", "mssql": "~8.1.4",
"mysql2": "~2.3.3", "mysql2": "~2.3.3",
"nanoid": "^3.3.4",
"node-cloudflared-tunnel": "~1.0.9", "node-cloudflared-tunnel": "~1.0.9",
"node-radius-client": "~1.0.0", "node-radius-client": "~1.0.0",
"nodemailer": "~6.6.5", "nodemailer": "~6.6.5",
@ -14247,7 +14248,6 @@
"version": "3.3.4", "version": "3.3.4",
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
"dev": true,
"bin": { "bin": {
"nanoid": "bin/nanoid.cjs" "nanoid": "bin/nanoid.cjs"
}, },
@ -29825,8 +29825,7 @@
"nanoid": { "nanoid": {
"version": "3.3.4", "version": "3.3.4",
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
"integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw=="
"dev": true
}, },
"native-duplexpair": { "native-duplexpair": {
"version": "1.0.0", "version": "1.0.0",

1
package.json
Unescape View File

@ -103,6 +103,7 @@
"mqtt": "~4.3.7", "mqtt": "~4.3.7",
"mssql": "~8.1.4", "mssql": "~8.1.4",
"mysql2": "~2.3.3", "mysql2": "~2.3.3",
"nanoid": "^3.3.4",
"node-cloudflared-tunnel": "~1.0.9", "node-cloudflared-tunnel": "~1.0.9",
"node-radius-client": "~1.0.0", "node-radius-client": "~1.0.0",
"nodemailer": "~6.6.5", "nodemailer": "~6.6.5",

5
server/socket-handlers/api-key-socket-handler.js
Unescape View File

@ -1,7 +1,7 @@
const { checkLogin } = require("../util-server"); const { checkLogin } = require("../util-server");
const { log } = require("../../src/util"); const { log } = require("../../src/util");
const { R } = require("redbean-node"); const { R } = require("redbean-node");
const crypto = require("crypto"); const { nanoid } = require("nanoid");
const passwordHash = require("../password-hash"); const passwordHash = require("../password-hash");
const apicache = require("../modules/apicache"); const apicache = require("../modules/apicache");
const APIKey = require("../model/api_key"); const APIKey = require("../model/api_key");
@ -17,7 +17,8 @@ module.exports.apiKeySocketHandler = (socket) => {
socket.on("addAPIKey", async (key, callback) => { socket.on("addAPIKey", async (key, callback) => {
try { try {
checkLogin(socket); checkLogin(socket);
let clearKey = crypto.randomBytes(32).toString("base64url");
let clearKey = nanoid(40);
let hashedKey = passwordHash.generate(clearKey); let hashedKey = passwordHash.generate(clearKey);
key["key"] = hashedKey; key["key"] = hashedKey;
let bean = await APIKey.save(key, socket.userID); let bean = await APIKey.save(key, socket.userID);

Write Preview
Loading…
Cancel
Save