remove rndstr dependency

This dependency was unused in the client. The use of it in the server can be replaced entirely by the secureRndstr function, with some slight modifications. That function could probably be refactored a bit more as well.
2022-12-07 18:03:29 +01:00 · 2022-12-07 18:03:29 +01:00 · 0f3f42eb39
commit 0f3f42eb39
parent 71b976ec96
11 changed files with 20 additions and 47 deletions
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@ -91,7 +91,6 @@
 		"reflect-metadata": "0.1.13",
 		"rename": "1.0.4",
 		"require-all": "3.0.0",
 		"rndstr": "1.0.0",
 		"rss-parser": "3.12.0",
 		"sanitize-html": "2.7.0",
 		"semver": "7.3.7",
--- a/packages/backend/src/misc/secure-rndstr.ts
+++ b/packages/backend/src/misc/secure-rndstr.ts
@ -3,8 +3,7 @@ import * as crypto from 'node:crypto';
 const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
 const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-export function secureRndstr(length = 32, useLU = true): string {
+export function secureRndstrCustom(length = 32, chars: string): string {
 	const chars = useLU ? LU_CHARS : L_CHARS;
 	const chars_len = chars.length;
 	let str = '';
@ -19,3 +18,8 @@ export function secureRndstr(length = 32, useLU = true): string {
 	return str;
 }
 export function secureRndstr(length = 32, useLU = true): string {
 	const chars = useLU ? LU_CHARS : L_CHARS;
 	return secureRndstrCustom(length, chars);
 }
--- a/packages/backend/src/server/api/common/inject-featured.ts
+++ b/packages/backend/src/server/api/common/inject-featured.ts
@ -1,7 +1,7 @@
 import rndstr from 'rndstr';
 import { DAY } from '@/const.js';
 import { Note } from '@/models/entities/note.js';
 import { User } from '@/models/entities/user.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { Notes, UserProfiles, NoteReactions } from '@/models/index.js';
 import { generateMutedUserQuery } from './generate-muted-user-query.js';
 import { generateBlockedUserQuery } from './generate-block-query.js';
@ -50,7 +50,7 @@ export async function injectFeatured(timeline: Note[], user?: User | null) {
 	// Pick random one
 	const featured = notes[Math.floor(Math.random() * notes.length)];
-	(featured as any)._featuredId_ = rndstr('a-z0-9', 8);
+	(featured as any)._featuredId_ = secureRndstr(8);
 	// Inject featured
 	timeline.splice(3, 0, featured);
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
@ -1,4 +1,3 @@
 import rndstr from 'rndstr';
 import { publishBroadcastStream } from '@/services/stream.js';
 import { db } from '@/db/postgre.js';
 import { Emojis, DriveFiles } from '@/models/index.js';
@ -30,7 +29,7 @@ export default define(meta, paramDef, async (ps, me) => {
 	if (file == null) throw new ApiError('NO_SUCH_FILE');
-	const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${rndstr('a-z0-9', 8)}_`;
+	const name = file.name.split('.')[0].match(/^[a-z0-9_]+$/) ? file.name.split('.')[0] : `_${genId()}_`;
 	const emoji = await Emojis.insert({
 		id: genId(),
--- a/packages/backend/src/server/api/endpoints/admin/invite.ts
+++ b/packages/backend/src/server/api/endpoints/admin/invite.ts
@ -1,6 +1,6 @@
 import rndstr from 'rndstr';
 import { RegistrationTickets } from '@/models/index.js';
 import { genId } from '@/misc/gen-id.js';
 import { secureRndstrCustom } from '@/misc/secure-rndstr.js';
 import define from '../../define.js';
 export const meta = {
@ -32,10 +32,8 @@ export const paramDef = {
 // eslint-disable-next-line import/no-default-export
 export default define(meta, paramDef, async () => {
-	const code = rndstr({
+	// omit visually ambiguous zero and letter O as well as one and letter I
-		length: 8,
+	const code = secureRndstrCustom(8, '23456789ABCDEFGHJKLMNPQRSTUVWXYZ');
 		chars: '2-9A-HJ-NP-Z', // [0-9A-Z] w/o [01IO] (32 patterns)
 	});
 	await RegistrationTickets.insert({
 		id: genId(),
--- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts
@ -1,5 +1,5 @@
 import bcrypt from 'bcryptjs';
-import rndstr from 'rndstr';
+import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { Users, UserProfiles } from '@/models/index.js';
 import define from '../../define.js';
@ -43,7 +43,7 @@ export default define(meta, paramDef, async (ps) => {
 		throw new Error('cannot reset password of admin');
 	}
-	const passwd = rndstr('a-zA-Z0-9', 8);
+	const passwd = secureRndstr(8, true);
 	// Generate hash of password
 	const hash = bcrypt.hashSync(passwd);
--- a/packages/backend/src/server/api/endpoints/i/update-email.ts
+++ b/packages/backend/src/server/api/endpoints/i/update-email.ts
@ -1,7 +1,7 @@
 import rndstr from 'rndstr';
 import bcrypt from 'bcryptjs';
 import { publishMainStream } from '@/services/stream.js';
 import config from '@/config/index.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { Users, UserProfiles } from '@/models/index.js';
 import { sendEmail } from '@/services/send-email.js';
 import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
@ -62,7 +62,7 @@ export default define(meta, paramDef, async (ps, user) => {
 	publishMainStream(user.id, 'meUpdated', iObj);
 	if (ps.email != null) {
-		const code = rndstr('a-z0-9', 16);
+		const code = secureRndstr(16);
 		await UserProfiles.update(user.id, {
 			emailVerifyCode: code,
--- a/packages/backend/src/server/api/endpoints/request-reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/request-reset-password.ts
@ -1,9 +1,9 @@
 import rndstr from 'rndstr';
 import { IsNull } from 'typeorm';
 import config from '@/config/index.js';
 import { Users, UserProfiles, PasswordResetRequests } from '@/models/index.js';
 import { sendEmail } from '@/services/send-email.js';
 import { genId } from '@/misc/gen-id.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { DAY } from '@/const.js';
 import define from '../define.js';
@ -53,7 +53,7 @@ export default define(meta, paramDef, async (ps) => {
 		return;
 	}
-	const token = rndstr('a-z0-9', 64);
+	const token = secureRndstr(64);
 	await PasswordResetRequests.insert({
 		id: genId(),
--- a/packages/backend/src/server/api/private/signup.ts
+++ b/packages/backend/src/server/api/private/signup.ts
@ -1,11 +1,11 @@
 import Koa from 'koa';
 import rndstr from 'rndstr';
 import bcrypt from 'bcryptjs';
 import { fetchMeta } from '@/misc/fetch-meta.js';
 import { verifyHcaptcha, verifyRecaptcha } from '@/misc/captcha.js';
 import { Users, RegistrationTickets, UserPendings } from '@/models/index.js';
 import config from '@/config/index.js';
 import { sendEmail } from '@/services/send-email.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
 import { genId } from '@/misc/gen-id.js';
 import { validateEmailForAccount } from '@/services/validate-email-for-account.js';
 import { signup } from '../common/signup.js';
@ -69,7 +69,7 @@ export default async (ctx: Koa.Context) => {
 	}
 	if (instance.emailRequiredForSignup) {
-		const code = rndstr('a-z0-9', 16);
+		const code = secureRndstr(16);
 		// Generate hash of password
 		const salt = await bcrypt.genSalt(8);
--- a/packages/client/package.json
+++ b/packages/client/package.json
@ -50,7 +50,6 @@
 		"punycode": "2.1.1",
 		"qrcode": "1.5.1",
 		"reflect-metadata": "0.1.13",
 		"rndstr": "1.0.0",
 		"rollup": "2.75.7",
 		"sass": "1.53.0",
 		"seedrandom": "3.0.5",
--- a/yarn.lock
+++ b/yarn.lock
@ -3750,7 +3750,6 @@ __metadata:
    reflect-metadata: 0.1.13
    rename: 1.0.4
    require-all: 3.0.0
    rndstr: 1.0.0
    rss-parser: 3.12.0
    sanitize-html: 2.7.0
    semver: 7.3.7
@ -4735,7 +4734,6 @@ __metadata:
    punycode: 2.1.1
    qrcode: 1.5.1
    reflect-metadata: 0.1.13
    rndstr: 1.0.0
    rollup: 2.75.7
    sass: 1.53.0
    seedrandom: 3.0.5
@ -14292,13 +14290,6 @@ __metadata:
  languageName: node
  linkType: hard
 "rangestr@npm:0.0.1":
  version: 0.0.1
  resolution: "rangestr@npm:0.0.1"
  checksum: d7e3233f43a196a513f0f6c6a8a0a46b3c0e5fff97ad4d0c45031ea7494a3785d5db36d36231609b416acddaf5fe464e2c74fcc7a8f4032af83e05af23c33700
  languageName: node
  linkType: hard
 "ratelimiter@npm:3.4.1":
  version: 3.4.1
  resolution: "ratelimiter@npm:3.4.1"
@ -14954,16 +14945,6 @@ __metadata:
  languageName: node
  linkType: hard
 "rndstr@npm:1.0.0":
  version: 1.0.0
  resolution: "rndstr@npm:1.0.0"
  dependencies:
    rangestr: 0.0.1
    seedrandom: 2.4.2
  checksum: 4eb485a72bbcdfdd8017888122eaa2fe391d92f5a426558ae523f485d7d0fee8a0122ed513955225aab9a034d6eb694d8fb034c612de0bfadf5f4734d592789d
  languageName: node
  linkType: hard
 "rollup@npm:2.75.7":
  version: 2.75.7
  resolution: "rollup@npm:2.75.7"
@ -15150,13 +15131,6 @@ __metadata:
  languageName: node
  linkType: hard
 "seedrandom@npm:2.4.2":
  version: 2.4.2
  resolution: "seedrandom@npm:2.4.2"
  checksum: 09b4a2883e667601338964f86c000839f64ca8f811c41b4b425a03eabc5c4d243e09b5d15c29c3441cd61a384a316b02d341dbfaf3b0097b5973aa12544f9435
  languageName: node
  linkType: hard
 "seedrandom@npm:3.0.5":
  version: 3.0.5
  resolution: "seedrandom@npm:3.0.5"