joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate tokens and ids with cryptoUtils module.

Browse Source 
Move object ID, token, and random string generation into their own
module, cryptoUtils.

Remove hat dependency, which was used to generate session and some other
tokens, because it  used non-cryptographic random number generator.
Replace it with the cryptographically secure one. The result has the
same format (32-character hex string, 128 bits of entropy).

Remove randomstring dependency, as we already have this functionality.

Add tests.
This commit is contained in:
Dmitry Chestnykh
2016-02-12 02:02:55 +01:00
parent 0c75f6022d
commit 62cbc451aa
8 changed files with 142 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Controllers/FilesController.js
View File

@@ -4,11 +4,9 @@ import express from 'express';
import mime from 'mime';
import { Parse } from 'parse/node';
import BodyParser from 'body-parser';
import hat from 'hat';
import * as Middlewares from '../middlewares';
import Config from '../Config';
const rack = hat.rack();
import { randomHexString } from '../cryptoUtils';
export class FilesController {
constructor(filesAdapter) {
@@ -61,7 +59,7 @@ export class FilesController {
extension = '.' + mime.extension(contentType);
}
let filename = rack() + '_' + req.params.filename + extension;
let filename = randomHexString(32) + '_' + req.params.filename + extension;
this._filesAdapter.createFile(req.config, filename, req.body).then(() => {
res.status(201);
var location = this._filesAdapter.getFileLocation(req.config, filename);