Use random hex string instead of uuid for nonce

2016-06-10 10:44:26 +02:00
parent 9cdbfeae87
commit 405bb84ca6
5 changed files with 29 additions and 8 deletions
--- a/src/service/util.js
+++ b/src/service/util.js
@@ -17,6 +17,8 @@

 'use strict';

+const crypto = require('crypto');
+
 /**
 * Checks for a valid string
 * @param  {} data     The input to be checked
@@ -89,6 +91,17 @@ exports.throw = function(status, message) {
  throw err;
 };

+/**
+ * Generate a cryptographically secure random hex string. If no length is
+ * provided a 32 char hex string will be generated by default.
+ * @param  {number} bytes   (optional) The number of random bytes
+ * @return {string}         The random bytes in hex (twice as long as bytes)
+ */
+exports.random = function(bytes) {
+  bytes = bytes || 16;
+  return crypto.randomBytes(bytes).toString('hex');
+};
+
 /**
 * Get the server's own origin host and protocol. Required for sending
 * verification links via email. If the PORT environmane variable