make sure entity IDs are generated only with alphanumeric characters (base62)

2025-03-01 14:22:32 +01:00 · 2017-12-09 20:44:06 -05:00 · 2017-12-09 20:44:06 -05:00 · f55f0a4ed3
commit f55f0a4ed3
parent 372cce8f8e
6 changed files with 12 additions and 7 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -2590,7 +2590,7 @@
        },
        "fs-extra": {
          "version": "0.30.0",
-          "resolved": "http://registry.npmjs.org/fs-extra/-/fs-extra-0.30.0.tgz",
+          "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.30.0.tgz",
          "integrity": "sha1-8jP/zAjU2n1DLapEl3aYnbHfk/A=",
          "requires": {
            "graceful-fs": "4.1.11",
@ -6650,6 +6650,11 @@
        "strict-uri-encode": "1.1.0"
      }
    },
+    "rand-token": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/rand-token/-/rand-token-0.4.0.tgz",
+      "integrity": "sha512-FLNNsir2R+XY8LKsZ+8u/w0qZ4sGit7cpNdznsI77cAVob6UlVPueDKRyjJ3W1Q6FJLgAVH98JvlqqpSaL7NEQ=="
+    },
    "random-bytes": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
--- a/package.json
+++ b/package.json
@ -27,6 +27,7 @@
    "helmet": "^3.9.0",
    "html": "^1.0.0",
    "ini": "^1.3.4",
+    "rand-token": "^0.4.0",
    "request": "^2.83.0",
    "request-promise": "^4.2.2",
    "rimraf": "^2.6.2",
--- a/public/javascripts/messaging.js
+++ b/public/javascripts/messaging.js
@ -1,6 +1,7 @@
 "use strict";

 const messaging = (function() {
+    const changesToPushCountEl = $("#changes-to-push-count");
    let ws = null;

    function logError(message) {
@ -39,7 +40,6 @@ const messaging = (function() {
                recentNotes.reload();
            }

-            const changesToPushCountEl = $("#changesToPushCount");
            changesToPushCountEl.html(message.changesToPushCount);
        }
    }
--- a/public/javascripts/note_tree.js
+++ b/public/javascripts/note_tree.js
@ -502,7 +502,7 @@ const noteTree = (function() {
                startNotePath = document.location.hash.substr(1); // strip initial #
            }

-            return prepareNoteTree(resp.notes, resp.notes_parent);
+            return prepareNoteTree(resp.notes);
        });
    }

--- a/services/utils.js
+++ b/services/utils.js
@ -1,6 +1,7 @@
 "use strict";

 const crypto = require('crypto');
+const randtoken = require('rand-token').generator({source: 'crypto'});

 function newNoteId() {
    return randomString(12);
@ -15,9 +16,7 @@ function newNoteHistoryId() {
 }

 function randomString(length) {
-    const token = randomSecureToken(32);
-
-    return token.substr(0, length);
+    return randtoken.generate(length);
 }

 function randomSecureToken(bytes = 32) {
--- a/views/index.ejs
+++ b/views/index.ejs
@ -23,7 +23,7 @@
        </div>

        <div>
-          <button class="btn btn-xs" onclick="syncNow();">Sync now (<span id="changesToPushCount">0</span>)</button>
+          <button class="btn btn-xs" onclick="syncNow();">Sync now (<span id="changes-to-push-count">0</span>)</button>

          <button class="btn btn-xs" onclick="settings.showDialog();">Settings</button>