Merge pull request #152 from ivelin/master

fix: replace Math.random with uuid4 for a crypto secure client ID
2019-12-15 13:02:51 +03:00 · 2019-12-15 13:02:51 +03:00 · 74f2e6aee0
commit 74f2e6aee0
parent 94616d6e35 61cb1517fd
5 changed files with 12 additions and 7 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -2835,6 +2835,11 @@
      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
    },
+    "uuid4": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/uuid4/-/uuid4-1.1.4.tgz",
+      "integrity": "sha512-Gr1q2k40LpF8CokcnQFjPDsdslzJbTCTBG5xQIEflUov431gFkY5KduiGIeKYAamkQnNn4IfdHJbLnl9Bib8TQ=="
+    },
    "v8-compile-cache": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz",
--- a/package.json
+++ b/package.json
@ -21,6 +21,7 @@
    "cors": "~2.8.4",
    "express": "^4.17.1",
    "optimist": "~0.6.1",
+    "uuid4": "^1.1.4",
    "ws": "^7.1.2"
  },
  "devDependencies": {
--- a/src/models/realm.js
+++ b/src/models/realm.js
@ -1,3 +1,4 @@
+const uuidv4 = require('uuid/v4');
 const MessageQueue = require('./messageQueue');

 class Realm {
@ -43,12 +44,10 @@ class Realm {
  }

  generateClientId () {
-    const randomId = () => (Math.random().toString(36) + '0000000000000000000').substr(2, 16);
-
-    let clientId = randomId();
+    let clientId = uuidv4();

    while (this.getClientById(clientId)) {
-      clientId = randomId();
+      clientId = uuidv4();
    }

    return clientId;
--- a/test/models/realm.js
+++ b/test/models/realm.js
@ -4,9 +4,9 @@ const Client = require('../../src/models/client');

 describe('Realm', () => {
  describe('#generateClientId', () => {
-    it('should generate a 16-character ID', () => {
+    it('should generate a 36-character UUID', () => {
      const realm = new Realm();
-      expect(realm.generateClientId().length).to.eq(16);
+      expect(realm.generateClientId().length).to.eq(36);
    });
  });

--- a/test/services/checkBrokenConnections/index.js
+++ b/test/services/checkBrokenConnections/index.js
@ -17,7 +17,7 @@ describe('checkBrokenConnections service', () => {
            expect(realm.getClientById('id')).to.be.undefined;
            checkBrokenConnections.stop();
            done();
-        }, checkBrokenConnections.CHECK_INTERVAL * 2 + 3);
+        }, checkBrokenConnections.CHECK_INTERVAL * 2 + 30);
    });

    it('should remove client after 1 ping', (done) => {