security advisory fixes opened by kolega-ai-dev

Francis Cao 2026-01-22 09:24:08 -08:00
parent e5f794c329
commit 8f55ed9da9
7 changed files with 36 additions and 13 deletions


@ -1,7 +1,6 @@
import debug from 'debug';
import { ROLE_PERMISSIONS, ROLES, SHARE_TOKEN_HEADER } from '@/lib/constants';
import { secret } from '@/lib/crypto';
import { getRandomChars } from '@/lib/generate';
import { createAuthKey, secret } from '@/lib/crypto';
import { createSecureToken, parseSecureToken, parseToken } from '@/lib/jwt';
import redis from '@/lib/redis';
import { ensureArray } from '@/lib/utils';
@ -53,7 +52,7 @@ export async function checkAuth(request: Request) {
}
export async function saveAuth(data: any, expire = 0) {
const authKey = `auth:${getRandomChars(32)}`;
const authKey = `auth:${createAuthKey()}`;
if (redis.enabled) {
await redis.client.set(authKey, data);
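Review bot: In `saveAuth`, the visible `await redis.client.set(authKey, data);` stores the session without a lifetime, and the `expire = 0` default suggests entries may never expire unless a TTL is applied further down. The function body continues past the end of this hunk, so that could not be confirmed here. Now that the key itself is unguessable, how long a leaked key stays valid is the main remaining exposure. If that reading is right, a comment on the signature such as `// expire = 0 stores the session without a TTL` would make the contract explicit. It is also worth confirming that the login paths pass a non-zero `expire`.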


@ -63,3 +63,7 @@ export function uuid(...args: any) {
return process.env.USE_UUIDV7 ? v7() : v4();
}
export function createAuthKey() {
return crypto.randomBytes(16).toString('hex');
}
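Review bot: `createAuthKey` has no doc comment or return type, although its output is a bearer secret: it becomes the `auth:` Redis key in `saveAuth`. I would add `/** Returns 16 bytes from the CSPRNG as 32 hex characters (128 bits); the value is a session credential and must not be logged. */` and annotate the signature as `export function createAuthKey(): string {`. The `crypto` import sits outside this hunk, so confirm it resolves to Node's `crypto` module, because the Web Crypto global of the same name does not provide `randomBytes`.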