archetecture security fix
This commit is contained in:
+24
@@ -0,0 +1,24 @@
|
||||
"use strict";
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.generatePublicAccessToken = generatePublicAccessToken;
|
||||
exports.hashPublicAccessToken = hashPublicAccessToken;
|
||||
exports.timingSafeEqualTokenHash = timingSafeEqualTokenHash;
|
||||
const crypto_1 = __importDefault(require("crypto"));
|
||||
function generatePublicAccessToken() {
|
||||
const token = crypto_1.default.randomBytes(32).toString('base64url');
|
||||
return { token, tokenHash: hashPublicAccessToken(token) };
|
||||
}
|
||||
function hashPublicAccessToken(token) {
|
||||
return crypto_1.default.createHash('sha256').update(token).digest('hex');
|
||||
}
|
||||
function timingSafeEqualTokenHash(a, b) {
|
||||
const left = Buffer.from(a, 'hex');
|
||||
const right = Buffer.from(b, 'hex');
|
||||
if (left.length !== right.length)
|
||||
return false;
|
||||
return crypto_1.default.timingSafeEqual(left, right);
|
||||
}
|
||||
//# sourceMappingURL=publicAccessTokens.js.map
|
||||
Reference in New Issue
Block a user