From 18443b55cba5fdff5181bfd02f11f084339a45e1 Mon Sep 17 00:00:00 2001
From: Shane Kilkelly
Date: Thu, 26 Oct 2017 16:01:53 +0100
Subject: [PATCH] Refactor token generator, and use crypto for numerics
---
 .../Project/ProjectTokenGenerator.coffee | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee b/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
index b3081d6e36..a0fced1e68 100644
--- a/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
@@ -12,19 +12,33 @@ module.exports = ProjectTokenGenerator =
 # a y), and lower case "l" is omitted, because in many fonts it is
 # indistinguishable from an upper case "I" (and sometimes even the number 1).
 TOKEN_ALPHA: 'bcdfghjkmnpqrstvwxyz'
+ TOKEN_NUMERICS: '123456789'
+
+ _randomString: (length, alphabet) ->
+ result = ''
+ crypto.randomBytes(length).map(
+ (b) -> result += alphabet[b % alphabet.length]
+ )
+ return result
 
 # Generate a 12-char token with only characters from TOKEN_ALPHA,
 # suitable for use as a read-only token for a project
 readOnlyToken: () ->
- length = 12
- tokenAlpha = ProjectTokenGenerator.TOKEN_ALPHA
- result = ''
- crypto.randomBytes(length).map( (a) -> result += tokenAlpha[a % tokenAlpha.length] )
- return result
+ return ProjectTokenGenerator._randomString(
+ 12,
+ ProjectTokenGenerator.TOKEN_ALPHA
+ )
 
 # Generate a longer token, with a numeric prefix,
 # suitable for use as a read-and-write token for a project
 readAndWriteToken: () ->
- numerics = Math.random().toString().slice(2, 12)
- token = ProjectTokenGenerator.readOnlyToken()
- return "#{numerics}#{token}"
+ numerics = ProjectTokenGenerator._randomString(
+ 10,
+ ProjectTokenGenerator.TOKEN_NUMERICS
+ )
+ token = ProjectTokenGenerator._randomString(
+ 12,
+ ProjectTokenGenerator.TOKEN_ALPHA
+ )
+ fullToken = "#{numerics}#{token}"
+ return fullToken
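Review bot: `_randomString` maps each random byte with `b % alphabet.length`, and 256 is not a multiple of either alphabet length (20 for `TOKEN_ALPHA`, 9 for `TOKEN_NUMERICS`), so the first 16 letters and the digits 1 to 4 come out slightly more often than the rest. The skew is small, but the comments in this hunk describe these strings as project access tokens, so it is worth drawing uniformly by skipping bytes at or above the largest multiple of the alphabet length that fits in a byte and drawing again. The rewritten helper below does that and also replaces the `.map` call, which is used only for its side effect, with a plain loop; the `crypto` require it relies on sits outside the hunk. A short comment on `TOKEN_NUMERICS` saying why `0` is left out would help too, since the old `Math.random()` prefix could contain zeros.

```coffeescript
	_randomString: (length, alphabet) ->
		# Bytes at or above `limit` would wrap unevenly under the modulo, so
		# they are skipped and more bytes are drawn until the string is full.
		limit = 256 - (256 % alphabet.length)
		result = ''
		while result.length < length
			for b in crypto.randomBytes(length)
				if b < limit and result.length < length
					result += alphabet[b % alphabet.length]
		return result
```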