remove rndstr dependency
All checks were successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful

This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
This commit is contained in:
Johann150 2022-12-07 18:03:29 +01:00
parent 71b976ec96
commit 0f3f42eb39
Signed by: Johann150
GPG key ID: 9EE6577A2A06F8F1
11 changed files with 20 additions and 47 deletions

View file

@ -91,7 +91,6 @@
"reflect-metadata": "0.1.13",
"rename": "1.0.4",
"require-all": "3.0.0",
"rndstr": "1.0.0",
"rss-parser": "3.12.0",
"sanitize-html": "2.7.0",
"semver": "7.3.7",

View file

@ -3,8 +3,7 @@ import * as crypto from 'node:crypto';
const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
export function secureRndstr(length = 32, useLU = true): string {
const chars = useLU ? LU_CHARS : L_CHARS;
export function secureRndstrCustom(length = 32, chars: string): string {
const chars_len = chars.length;
let str = '';
@ -19,3 +18,8 @@ export function secureRndstr(length = 32, useLU = true): string {
return str;
}
export function secureRndstr(length = 32, useLU = true): string {
const chars = useLU ? LU_CHARS : L_CHARS;
return secureRndstrCustom(length, chars);
}

View file

@ -1,7 +1,7 @@
import rndstr from 'rndstr';
import { DAY } from '@/const.js';
import { Note } from '@/models/entities/note.js';
import { User } from '@/models/entities/user.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { Notes, UserProfiles, NoteReactions } from '@/models/index.js';
import { generateMutedUserQuery } from './generate-muted-user-query.js';
import { generateBlockedUserQuery } from './generate-block-query.js';
@ -50,7 +50,7 @@ export async function injectFeatured(timeline: Note[], user?: User | null) {
// Pick random one
const featured = notes[Math.floor(Math.random() * notes.length)];
(featured as any)._featuredId_ = rndstr('a-z0-9', 8);
(featured as any)._featuredId_ = secureRndstr(8);
// Inject featured
timeline.splice(3, 0, featured);

View file

@ -1,4 +1,3 @@
import rndstr from 'rndstr';
import { publishBroadcastStream } from '@/services/stream.js';
import { db } from '@/db/postgre.js';
import { Emojis, DriveFiles } from '@/models/index.js';
@ -30,7 +29,7 @@ export default define(meta, paramDef, async (ps, me) => {
if (file == null) throw new ApiError('NO_SUCH_FILE');
const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${rndstr('a-z0-9', 8)}_`;
const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${genId()}_`;
const emoji = await Emojis.insert({
id: genId(),

View file

@ -1,6 +1,6 @@
import rndstr from 'rndstr';
import { RegistrationTickets } from '@/models/index.js';
import { genId } from '@/misc/gen-id.js';
import { secureRndstrCustom } from '@/misc/secure-rndstr.js';
import define from '../../define.js';
export const meta = {
@ -32,10 +32,8 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async () => {
const code = rndstr({
length: 8,
chars: '2-9A-HJ-NP-Z', // [0-9A-Z] w/o [01IO] (32 patterns)
});
// omit visually ambiguous zero and letter O as well as one and letter I
const code = secureRndstrCustom(8, '23456789ABCDEFGHJKLMNPQRSTUVWXYZ');
await RegistrationTickets.insert({
id: genId(),

View file

@ -1,5 +1,5 @@
import bcrypt from 'bcryptjs';
import rndstr from 'rndstr';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { Users, UserProfiles } from '@/models/index.js';
import define from '../../define.js';
@ -43,7 +43,7 @@ export default define(meta, paramDef, async (ps) => {
throw new Error('cannot reset password of admin');
}
const passwd = rndstr('a-zA-Z0-9', 8);
const passwd = secureRndstr(8, true);
// Generate hash of password
const hash = bcrypt.hashSync(passwd);

View file

@ -1,7 +1,7 @@
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { publishMainStream } from '@/services/stream.js';
import config from '@/config/index.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { Users, UserProfiles } from '@/models/index.js';
import { sendEmail } from '@/services/send-email.js';
import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
@ -62,7 +62,7 @@ export default define(meta, paramDef, async (ps, user) => {
publishMainStream(user.id, 'meUpdated', iObj);
if (ps.email != null) {
const code = rndstr('a-z0-9', 16);
const code = secureRndstr(16);
await UserProfiles.update(user.id, {
emailVerifyCode: code,

View file

@ -1,9 +1,9 @@
import rndstr from 'rndstr';
import { IsNull } from 'typeorm';
import config from '@/config/index.js';
import { Users, UserProfiles, PasswordResetRequests } from '@/models/index.js';
import { sendEmail } from '@/services/send-email.js';
import { genId } from '@/misc/gen-id.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { DAY } from '@/const.js';
import define from '../define.js';
@ -53,7 +53,7 @@ export default define(meta, paramDef, async (ps) => {
return;
}
const token = rndstr('a-z0-9', 64);
const token = secureRndstr(64);
await PasswordResetRequests.insert({
id: genId(),

View file

@ -1,11 +1,11 @@
import Koa from 'koa';
import rndstr from 'rndstr';
import bcrypt from 'bcryptjs';
import { fetchMeta } from '@/misc/fetch-meta.js';
import { verifyHcaptcha, verifyRecaptcha } from '@/misc/captcha.js';
import { Users, RegistrationTickets, UserPendings } from '@/models/index.js';
import config from '@/config/index.js';
import { sendEmail } from '@/services/send-email.js';
import { secureRndstr } from '@/misc/secure-rndstr.js';
import { genId } from '@/misc/gen-id.js';
import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
import { signup } from '../common/signup.js';
@ -69,7 +69,7 @@ export default async (ctx: Koa.Context) => {
}
if (instance.emailRequiredForSignup) {
const code = rndstr('a-z0-9', 16);
const code = secureRndstr(16);
// Generate hash of password
const salt = await bcrypt.genSalt(8);

View file

@ -50,7 +50,6 @@
"punycode": "2.1.1",
"qrcode": "1.5.1",
"reflect-metadata": "0.1.13",
"rndstr": "1.0.0",
"rollup": "2.75.7",
"sass": "1.53.0",
"seedrandom": "3.0.5",

View file

@ -3750,7 +3750,6 @@ __metadata:
reflect-metadata: 0.1.13
rename: 1.0.4
require-all: 3.0.0
rndstr: 1.0.0
rss-parser: 3.12.0
sanitize-html: 2.7.0
semver: 7.3.7
@ -4735,7 +4734,6 @@ __metadata:
punycode: 2.1.1
qrcode: 1.5.1
reflect-metadata: 0.1.13
rndstr: 1.0.0
rollup: 2.75.7
sass: 1.53.0
seedrandom: 3.0.5
@ -14292,13 +14290,6 @@ __metadata:
languageName: node
linkType: hard
"rangestr@npm:0.0.1":
version: 0.0.1
resolution: "rangestr@npm:0.0.1"
checksum: d7e3233f43a196a513f0f6c6a8a0a46b3c0e5fff97ad4d0c45031ea7494a3785d5db36d36231609b416acddaf5fe464e2c74fcc7a8f4032af83e05af23c33700
languageName: node
linkType: hard
"ratelimiter@npm:3.4.1":
version: 3.4.1
resolution: "ratelimiter@npm:3.4.1"
@ -14954,16 +14945,6 @@ __metadata:
languageName: node
linkType: hard
"rndstr@npm:1.0.0":
version: 1.0.0
resolution: "rndstr@npm:1.0.0"
dependencies:
rangestr: 0.0.1
seedrandom: 2.4.2
checksum: 4eb485a72bbcdfdd8017888122eaa2fe391d92f5a426558ae523f485d7d0fee8a0122ed513955225aab9a034d6eb694d8fb034c612de0bfadf5f4734d592789d
languageName: node
linkType: hard
"rollup@npm:2.75.7":
version: 2.75.7
resolution: "rollup@npm:2.75.7"
@ -15150,13 +15131,6 @@ __metadata:
languageName: node
linkType: hard
"seedrandom@npm:2.4.2":
version: 2.4.2
resolution: "seedrandom@npm:2.4.2"
checksum: 09b4a2883e667601338964f86c000839f64ca8f811c41b4b425a03eabc5c4d243e09b5d15c29c3441cd61a384a316b02d341dbfaf3b0097b5973aa12544f9435
languageName: node
linkType: hard
"seedrandom@npm:3.0.5":
version: 3.0.5
resolution: "seedrandom@npm:3.0.5"