remove rndstr dependency
All checks were successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
All checks were successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
This dependency was unused in the client. The use of it in the server can be replaced entirely by the secureRndstr function, with some slight modifications. That function could probably be refactored a bit more as well.
This commit is contained in:
parent
71b976ec96
commit
0f3f42eb39
11 changed files with 20 additions and 47 deletions
|
@ -91,7 +91,6 @@
|
|||
"reflect-metadata": "0.1.13",
|
||||
"rename": "1.0.4",
|
||||
"require-all": "3.0.0",
|
||||
"rndstr": "1.0.0",
|
||||
"rss-parser": "3.12.0",
|
||||
"sanitize-html": "2.7.0",
|
||||
"semver": "7.3.7",
|
||||
|
|
|
@ -3,8 +3,7 @@ import * as crypto from 'node:crypto';
|
|||
const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
|
||||
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
|
||||
export function secureRndstr(length = 32, useLU = true): string {
|
||||
const chars = useLU ? LU_CHARS : L_CHARS;
|
||||
export function secureRndstrCustom(length = 32, chars: string): string {
|
||||
const chars_len = chars.length;
|
||||
|
||||
let str = '';
|
||||
|
@ -19,3 +18,8 @@ export function secureRndstr(length = 32, useLU = true): string {
|
|||
|
||||
return str;
|
||||
}
|
||||
|
||||
export function secureRndstr(length = 32, useLU = true): string {
|
||||
const chars = useLU ? LU_CHARS : L_CHARS;
|
||||
return secureRndstrCustom(length, chars);
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import rndstr from 'rndstr';
|
||||
import { DAY } from '@/const.js';
|
||||
import { Note } from '@/models/entities/note.js';
|
||||
import { User } from '@/models/entities/user.js';
|
||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||
import { Notes, UserProfiles, NoteReactions } from '@/models/index.js';
|
||||
import { generateMutedUserQuery } from './generate-muted-user-query.js';
|
||||
import { generateBlockedUserQuery } from './generate-block-query.js';
|
||||
|
@ -50,7 +50,7 @@ export async function injectFeatured(timeline: Note[], user?: User | null) {
|
|||
// Pick random one
|
||||
const featured = notes[Math.floor(Math.random() * notes.length)];
|
||||
|
||||
(featured as any)._featuredId_ = rndstr('a-z0-9', 8);
|
||||
(featured as any)._featuredId_ = secureRndstr(8);
|
||||
|
||||
// Inject featured
|
||||
timeline.splice(3, 0, featured);
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import rndstr from 'rndstr';
|
||||
import { publishBroadcastStream } from '@/services/stream.js';
|
||||
import { db } from '@/db/postgre.js';
|
||||
import { Emojis, DriveFiles } from '@/models/index.js';
|
||||
|
@ -30,7 +29,7 @@ export default define(meta, paramDef, async (ps, me) => {
|
|||
|
||||
if (file == null) throw new ApiError('NO_SUCH_FILE');
|
||||
|
||||
const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${rndstr('a-z0-9', 8)}_`;
|
||||
const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${genId()}_`;
|
||||
|
||||
const emoji = await Emojis.insert({
|
||||
id: genId(),
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import rndstr from 'rndstr';
|
||||
import { RegistrationTickets } from '@/models/index.js';
|
||||
import { genId } from '@/misc/gen-id.js';
|
||||
import { secureRndstrCustom } from '@/misc/secure-rndstr.js';
|
||||
import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
|
@ -32,10 +32,8 @@ export const paramDef = {
|
|||
|
||||
// eslint-disable-next-line import/no-default-export
|
||||
export default define(meta, paramDef, async () => {
|
||||
const code = rndstr({
|
||||
length: 8,
|
||||
chars: '2-9A-HJ-NP-Z', // [0-9A-Z] w/o [01IO] (32 patterns)
|
||||
});
|
||||
// omit visually ambiguous zero and letter O as well as one and letter I
|
||||
const code = secureRndstrCustom(8, '23456789ABCDEFGHJKLMNPQRSTUVWXYZ');
|
||||
|
||||
await RegistrationTickets.insert({
|
||||
id: genId(),
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
import bcrypt from 'bcryptjs';
|
||||
import rndstr from 'rndstr';
|
||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||
import { Users, UserProfiles } from '@/models/index.js';
|
||||
import define from '../../define.js';
|
||||
|
||||
|
@ -43,7 +43,7 @@ export default define(meta, paramDef, async (ps) => {
|
|||
throw new Error('cannot reset password of admin');
|
||||
}
|
||||
|
||||
const passwd = rndstr('a-zA-Z0-9', 8);
|
||||
const passwd = secureRndstr(8, true);
|
||||
|
||||
// Generate hash of password
|
||||
const hash = bcrypt.hashSync(passwd);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import rndstr from 'rndstr';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import { publishMainStream } from '@/services/stream.js';
|
||||
import config from '@/config/index.js';
|
||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||
import { Users, UserProfiles } from '@/models/index.js';
|
||||
import { sendEmail } from '@/services/send-email.js';
|
||||
import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
|
||||
|
@ -62,7 +62,7 @@ export default define(meta, paramDef, async (ps, user) => {
|
|||
publishMainStream(user.id, 'meUpdated', iObj);
|
||||
|
||||
if (ps.email != null) {
|
||||
const code = rndstr('a-z0-9', 16);
|
||||
const code = secureRndstr(16);
|
||||
|
||||
await UserProfiles.update(user.id, {
|
||||
emailVerifyCode: code,
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
import rndstr from 'rndstr';
|
||||
import { IsNull } from 'typeorm';
|
||||
import config from '@/config/index.js';
|
||||
import { Users, UserProfiles, PasswordResetRequests } from '@/models/index.js';
|
||||
import { sendEmail } from '@/services/send-email.js';
|
||||
import { genId } from '@/misc/gen-id.js';
|
||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||
import { DAY } from '@/const.js';
|
||||
import define from '../define.js';
|
||||
|
||||
|
@ -53,7 +53,7 @@ export default define(meta, paramDef, async (ps) => {
|
|||
return;
|
||||
}
|
||||
|
||||
const token = rndstr('a-z0-9', 64);
|
||||
const token = secureRndstr(64);
|
||||
|
||||
await PasswordResetRequests.insert({
|
||||
id: genId(),
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
import Koa from 'koa';
|
||||
import rndstr from 'rndstr';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import { fetchMeta } from '@/misc/fetch-meta.js';
|
||||
import { verifyHcaptcha, verifyRecaptcha } from '@/misc/captcha.js';
|
||||
import { Users, RegistrationTickets, UserPendings } from '@/models/index.js';
|
||||
import config from '@/config/index.js';
|
||||
import { sendEmail } from '@/services/send-email.js';
|
||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||
import { genId } from '@/misc/gen-id.js';
|
||||
import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
|
||||
import { signup } from '../common/signup.js';
|
||||
|
@ -69,7 +69,7 @@ export default async (ctx: Koa.Context) => {
|
|||
}
|
||||
|
||||
if (instance.emailRequiredForSignup) {
|
||||
const code = rndstr('a-z0-9', 16);
|
||||
const code = secureRndstr(16);
|
||||
|
||||
// Generate hash of password
|
||||
const salt = await bcrypt.genSalt(8);
|
||||
|
|
|
@ -50,7 +50,6 @@
|
|||
"punycode": "2.1.1",
|
||||
"qrcode": "1.5.1",
|
||||
"reflect-metadata": "0.1.13",
|
||||
"rndstr": "1.0.0",
|
||||
"rollup": "2.75.7",
|
||||
"sass": "1.53.0",
|
||||
"seedrandom": "3.0.5",
|
||||
|
|
26
yarn.lock
26
yarn.lock
|
@ -3750,7 +3750,6 @@ __metadata:
|
|||
reflect-metadata: 0.1.13
|
||||
rename: 1.0.4
|
||||
require-all: 3.0.0
|
||||
rndstr: 1.0.0
|
||||
rss-parser: 3.12.0
|
||||
sanitize-html: 2.7.0
|
||||
semver: 7.3.7
|
||||
|
@ -4735,7 +4734,6 @@ __metadata:
|
|||
punycode: 2.1.1
|
||||
qrcode: 1.5.1
|
||||
reflect-metadata: 0.1.13
|
||||
rndstr: 1.0.0
|
||||
rollup: 2.75.7
|
||||
sass: 1.53.0
|
||||
seedrandom: 3.0.5
|
||||
|
@ -14292,13 +14290,6 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"rangestr@npm:0.0.1":
|
||||
version: 0.0.1
|
||||
resolution: "rangestr@npm:0.0.1"
|
||||
checksum: d7e3233f43a196a513f0f6c6a8a0a46b3c0e5fff97ad4d0c45031ea7494a3785d5db36d36231609b416acddaf5fe464e2c74fcc7a8f4032af83e05af23c33700
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"ratelimiter@npm:3.4.1":
|
||||
version: 3.4.1
|
||||
resolution: "ratelimiter@npm:3.4.1"
|
||||
|
@ -14954,16 +14945,6 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"rndstr@npm:1.0.0":
|
||||
version: 1.0.0
|
||||
resolution: "rndstr@npm:1.0.0"
|
||||
dependencies:
|
||||
rangestr: 0.0.1
|
||||
seedrandom: 2.4.2
|
||||
checksum: 4eb485a72bbcdfdd8017888122eaa2fe391d92f5a426558ae523f485d7d0fee8a0122ed513955225aab9a034d6eb694d8fb034c612de0bfadf5f4734d592789d
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"rollup@npm:2.75.7":
|
||||
version: 2.75.7
|
||||
resolution: "rollup@npm:2.75.7"
|
||||
|
@ -15150,13 +15131,6 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"seedrandom@npm:2.4.2":
|
||||
version: 2.4.2
|
||||
resolution: "seedrandom@npm:2.4.2"
|
||||
checksum: 09b4a2883e667601338964f86c000839f64ca8f811c41b4b425a03eabc5c4d243e09b5d15c29c3441cd61a384a316b02d341dbfaf3b0097b5973aa12544f9435
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"seedrandom@npm:3.0.5":
|
||||
version: 3.0.5
|
||||
resolution: "seedrandom@npm:3.0.5"
|
||||
|
|
Loading…
Reference in a new issue