Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 08:50:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

🔐 fix: token not using webcrypto (#4005)

Browse source 
* fix: token

* style: auth pages updated `|` color
This commit is contained in:
Marco Beretta 2024-09-11 22:25:14 -04:00 committed by GitHub
parent aea01f0bc5
commit c3dc03b063
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 23 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

11
api/models/inviteUser.js
View file

@ -1,6 +1,5 @@
const crypto = require('crypto');
const bcrypt = require('bcryptjs');
const mongoose = require('mongoose');
const { getRandomValues, hashToken } = require('~/server/utils/crypto');
const { createToken, findToken } = require('./Token');
const logger = require('~/config/winston');
@ -18,8 +17,8 @@ const logger = require('~/config/winston');
*/
const createInvite = async (email) => {
try {
let token = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(token, 10);
const token = await getRandomValues(32);
const hash = await hashToken(token);
const encodedToken = encodeURIComponent(token);
const fakeUserId = new mongoose.Types.ObjectId();
@ -50,7 +49,7 @@ const createInvite = async (email) => {
const getInvite = async (encodedToken, email) => {
try {
const token = decodeURIComponent(encodedToken);
const hash = bcrypt.hashSync(token, 10);
const hash = await hashToken(token);
const invite = await findToken({ token: hash, email });
if (!invite) {
@ -59,7 +58,7 @@ const getInvite = async (encodedToken, email) => {
return invite;
} catch (error) {
logger.error('[getInvite] Error getting invite', error);
logger.error('[getInvite] Error getting invite:', error);
return { error: true, message: error.message };
}
};