archetecture security fix
This commit is contained in:
Vendored
+33
@@ -0,0 +1,33 @@
|
||||
"use strict";
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.generateCompanyApiKey = generateCompanyApiKey;
|
||||
exports.getApiKeyPrefix = getApiKeyPrefix;
|
||||
exports.hashApiKey = hashApiKey;
|
||||
exports.timingSafeEqualHex = timingSafeEqualHex;
|
||||
const crypto_1 = __importDefault(require("crypto"));
|
||||
function generateCompanyApiKey() {
|
||||
const secret = crypto_1.default.randomBytes(32).toString('base64url');
|
||||
const prefix = `rdg_${crypto_1.default.randomBytes(6).toString('hex')}`;
|
||||
const rawKey = `${prefix}_${secret}`;
|
||||
return { rawKey, prefix, keyHash: hashApiKey(rawKey) };
|
||||
}
|
||||
function getApiKeyPrefix(rawKey) {
|
||||
const parts = rawKey.split('_');
|
||||
if (parts.length < 3)
|
||||
return null;
|
||||
return `${parts[0]}_${parts[1]}`;
|
||||
}
|
||||
function hashApiKey(rawKey) {
|
||||
return crypto_1.default.createHash('sha256').update(rawKey).digest('hex');
|
||||
}
|
||||
function timingSafeEqualHex(a, b) {
|
||||
const left = Buffer.from(a, 'hex');
|
||||
const right = Buffer.from(b, 'hex');
|
||||
if (left.length !== right.length)
|
||||
return false;
|
||||
return crypto_1.default.timingSafeEqual(left, right);
|
||||
}
|
||||
//# sourceMappingURL=apiKeys.js.map
|
||||
Reference in New Issue
Block a user