トークン系の乱数ソースではcryptoを使うように (#6200)

author: MeiMei <30769358+mei23@users.noreply.github.com> 2020-03-29 23:16:36 +0900
committer: GitHub <noreply@github.com> 2020-03-29 23:16:36 +0900
commit: 244ef0cb8f82b18c22990ece728f2e1fe8398a62 (patch)
tree: 781b5820207bf78d831f13928d5b5253582436b0 /src/server/api/endpoints/auth
parent: 12.28.0 (diff)
download: sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.tar.gz
sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.tar.bz2
sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/server/api/endpoints/auth/accept.ts b/src/server/api/endpoints/auth/accept.ts
index 8ba15ba815..e9281f1236 100644
--- a/src/server/api/endpoints/auth/accept.ts
+++ b/src/server/api/endpoints/auth/accept.ts
@@ -1,4 +1,3 @@
-import rndstr from 'rndstr';
 import * as crypto from 'crypto';
 import $ from 'cafy';
 import define from '../../define';
@@ -6,6 +5,7 @@ import { ApiError } from '../../error';
 import { AuthSessions, AccessTokens, Apps } from '../../../../models';
 import { genId } from '../../../../misc/gen-id';
 import { ensure } from '../../../../prelude/ensure';
+import { secureRndstr } from '../../../../misc/secure-rndstr';
 
 export const meta = {
 	tags: ['auth'],
@@ -39,7 +39,7 @@ export default define(meta, async (ps, user) => {
 	}
 
 	// Generate access token
-	const accessToken = rndstr('a-zA-Z0-9', 32);
+	const accessToken = secureRndstr(32, true);
 
 	// Fetch exist access token
 	const exist = await AccessTokens.findOne({
author	MeiMei <30769358+mei23@users.noreply.github.com>	2020-03-29 23:16:36 +0900
committer	GitHub <noreply@github.com>	2020-03-29 23:16:36 +0900
commit	244ef0cb8f82b18c22990ece728f2e1fe8398a62 (patch)
tree	781b5820207bf78d831f13928d5b5253582436b0 /src/server/api/endpoints/auth
parent	12.28.0 (diff)
download	sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.tar.gz sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.tar.bz2 sharkey-244ef0cb8f82b18c22990ece728f2e1fe8398a62.zip