From a2c50742bb3a692dd77a341a69f95d8078bdbc5c Mon Sep 17 00:00:00 2001
From: a3957273 <89583054+a3957273@users.noreply.github.com>
Date: Sat, 17 Feb 2024 01:27:27 +0000
Subject: [PATCH] Improve token generation and verification
---
 backend/src/models/v2/Token.ts | 2 +-
 backend/src/services/v2/token.ts | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/backend/src/models/v2/Token.ts b/backend/src/models/v2/Token.ts
index 32d9cc140..4452fc9d6 100644
--- a/backend/src/models/v2/Token.ts
+++ b/backend/src/models/v2/Token.ts
@@ -67,7 +67,7 @@ TokenSchema.pre('save', function userPreSave(next) {
 return
 }
- bcrypt.hash(this.secretKey, 10, (err: Error | undefined, hash: string) => {
+ bcrypt.hash(this.secretKey, 8, (err: Error | undefined, hash: string) => {
 if (err) {
 next(err)
 return
diff --git a/backend/src/services/v2/token.ts b/backend/src/services/v2/token.ts
index 7a63d10fa..a2d5f3912 100644
--- a/backend/src/services/v2/token.ts
+++ b/backend/src/services/v2/token.ts
@@ -1,4 +1,4 @@
-import { nanoid } from 'nanoid'
+import { customAlphabet } from 'nanoid'
 import { TokenActionsKeys, TokenDoc, TokenScopeKeys } from '../../models/v2/Token.js'
 import Token from '../../models/v2/Token.js'
@@ -13,9 +13,11 @@ interface CreateTokenProps {
 modelIds: Array
 actions: Array
 }
+
+const nanoid = customAlphabet('0123456789ABCDEFGHIJKLMNOPQSRTUVWXYZ')
 export async function createToken(user: UserDoc, { description, scope, modelIds, actions }: CreateTokenProps) {
- const accessKey = nanoid(10)
- const secretKey = nanoid()
+ const accessKey = `BAC_${nanoid(8)}`
+ const secretKey = `BSK_${nanoid(12)}`
 if (scope === 'models') {
 // Checks to make sure the models are valid
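Review bot: The bcrypt cost in the `bcrypt.hash(this.secretKey, 8, ...)` call of `backend/src/models/v2/Token.ts` drops from 10 to 8 with no rationale in the code or the commit message, which makes each stored secret hash about four times cheaper to test in an offline guessing attack. That can be acceptable when `secretKey` is always a machine-generated random value, because such secrets do not rely on hash stretching the way passwords do, but nothing visible in this hunk guarantees that every saved secret is generated that way. I would lift the literal into a named constant with a comment recording the assumption, for example `const TOKEN_BCRYPT_ROUNDS = 8 // token secrets are random, never user-chosen`. bcrypt hash strings carry their own cost parameter, so hashes already stored at cost 10 should continue to verify. The `userPreSave` hook begins and ends outside the hunk.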
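Review bot: The new `secretKey` in `createToken` (`backend/src/services/v2/token.ts`) carries far less entropy than the one it replaces: `nanoid(12)` over a 36-character alphabet is about 62 bits, while the default `nanoid()` gave roughly 126 bits (21 characters over 64 symbols). Combined with the lower bcrypt cost in `Token.ts`, the secret is weakened on two axes in one commit; lengthening it, e.g. `nanoid(25)` for about 129 bits, keeps the scanner-friendly `BSK_` prefix without that loss. `accessKey` falls to about 41 bits, so collisions become plausible on the order of a million issued tokens, and whether a unique index on that field would catch them is not visible here. The alphabet literal reads `QSRT` where `QRST` was probably meant, which is harmless because each character still appears exactly once, and the module-level `nanoid` constant reuses the library's export name, so a name like `generateKey` would read more clearly. `createToken` continues past the end of the hunk.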