refactor(backend): replace rndstr with secureRndstr (#11044)

* refactor(backend): replace rndstr with secureRndstr * Update pnpm-lock.yaml * .js
2023-06-25 04:04:33 +02:00 · 2023-06-25 04:04:33 +02:00 · ef354e94f2
commit ef354e94f2
parent 7bb8c71543
16 changed files with 57 additions and 64 deletions
--- a/packages/backend/src/server/api/SignupApiService.ts
+++ b/packages/backend/src/server/api/SignupApiService.ts
@ -1,5 +1,4 @@
 import { Inject, Injectable } from '@nestjs/common';
-import rndstr from 'rndstr';
 import bcrypt from 'bcryptjs';
 import { IsNull } from 'typeorm';
 import { DI } from '@/di-symbols.js';
@ -16,6 +15,7 @@ import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
 import { bindThis } from '@/decorators.js';
 import { SigninService } from './SigninService.js';
 import type { FastifyRequest, FastifyReply } from 'fastify';
+import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js';

@Injectable()
 export class SignupApiService {
@ -67,7 +67,7 @@ export class SignupApiService {
 		const body = request.body;

 		const instance = await this.metaService.fetch(true);
-	
+
 		// Verify *Captcha
 		// ただしテスト時はこの機構は障害となるため無効にする
 		if (process.env.NODE_ENV !== 'test') {
@ -76,7 +76,7 @@ export class SignupApiService {
 					throw new FastifyReplyError(400, err);
 				});
 			}
-	
+
 			if (instance.enableRecaptcha && instance.recaptchaSecretKey) {
 				await this.captchaService.verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(err => {
 					throw new FastifyReplyError(400, err);
@ -89,44 +89,44 @@ export class SignupApiService {
 				});
 			}
 		}
-	
+
 		const username = body['username'];
 		const password = body['password'];
 		const host: string | null = process.env.NODE_ENV === 'test' ? (body['host'] ?? null) : null;
 		const invitationCode = body['invitationCode'];
 		const emailAddress = body['emailAddress'];
-	
+
 		if (instance.emailRequiredForSignup) {
 			if (emailAddress == null || typeof emailAddress !== 'string') {
 				reply.code(400);
 				return;
 			}
-	
+
 			const res = await this.emailService.validateEmailForAccount(emailAddress);
 			if (!res.available) {
 				reply.code(400);
 				return;
 			}
 		}
-	
+
 		if (instance.disableRegistration) {
 			if (invitationCode == null || typeof invitationCode !== 'string') {
 				reply.code(400);
 				return;
 			}
-	
+
 			const ticket = await this.registrationTicketsRepository.findOneBy({
 				code: invitationCode,
 			});
-	
+
 			if (ticket == null) {
 				reply.code(400);
 				return;
 			}
-	
+
 			this.registrationTicketsRepository.delete(ticket.id);
 		}
-	
+
 		if (instance.emailRequiredForSignup) {
 			if (await this.usersRepository.findOneBy({ usernameLower: username.toLowerCase(), host: IsNull() })) {
 				throw new FastifyReplyError(400, 'DUPLICATED_USERNAME');
@ -142,7 +142,7 @@ export class SignupApiService {
 				throw new FastifyReplyError(400, 'DENIED_USERNAME');
 			}

-			const code = rndstr('a-z0-9', 16);
+			const code = secureRndstr(16, { chars: L_CHARS });

 			// Generate hash of password
 			const salt = await bcrypt.genSalt(8);
@ -170,12 +170,12 @@ export class SignupApiService {
 				const { account, secret } = await this.signupService.signup({
 					username, password, host,
 				});
-	
+
 				const res = await this.userEntityService.pack(account, account, {
 					detail: true,
 					includeSecrets: true,
 				});
-	
+
 				return {
 					...res,
 					token: secret,