Refactor token generator, and use crypto for numerics

2026-06-04 14:49:01 +02:00 · 2017-10-26 16:01:53 +01:00
parent d2a17c2745
commit 18443b55cb
1 changed files with 22 additions and 8 deletions
@@ -12,19 +12,33 @@ module.exports = ProjectTokenGenerator =
  #   a y), and lower case "l" is omitted, because in many fonts it is
  #   indistinguishable from an upper case "I" (and sometimes even the number 1).
 	TOKEN_ALPHA: 'bcdfghjkmnpqrstvwxyz'
+	TOKEN_NUMERICS: '123456789'
+
+	_randomString: (length, alphabet) ->
+		result = ''
+		crypto.randomBytes(length).map(
+			(b) -> result += alphabet[b % alphabet.length]
+		)
+		return result

 	# Generate a 12-char token with only characters from TOKEN_ALPHA,
 	# suitable for use as a read-only token for a project
 	readOnlyToken: () ->
-		length = 12
-		tokenAlpha = ProjectTokenGenerator.TOKEN_ALPHA
-		result = ''
-		crypto.randomBytes(length).map( (a) -> result += tokenAlpha[a % tokenAlpha.length] )
-		return result
+		return ProjectTokenGenerator._randomString(
+			12,
+			ProjectTokenGenerator.TOKEN_ALPHA
+		)

 	# Generate a longer token, with a numeric prefix,
 	# suitable for use as a read-and-write token for a project
 	readAndWriteToken: () ->
-		numerics = Math.random().toString().slice(2, 12)
-		token = ProjectTokenGenerator.readOnlyToken()
-		return "#{numerics}#{token}"
+		numerics = ProjectTokenGenerator._randomString(
+			10,
+			ProjectTokenGenerator.TOKEN_NUMERICS
+		)
+		token = ProjectTokenGenerator._randomString(
+			12,
+			ProjectTokenGenerator.TOKEN_ALPHA
+		)
+		fullToken = "#{numerics}#{token}"
+		return fullToken