sam/Foxnouns.NET
sam/Foxnouns.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

fix: use url-unsafe base 64 for auth tokens

Browse source 
.net throws an error when decoding url-safe base 64
luckily we never decode it *except* for tokens, so those can keep using
url-unsafe base 64. they're never used in URLs after all
This commit is contained in:
sam 2024-12-14 16:39:02 +01:00
parent 9d33093339
commit 49b2902d6d
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Foxnouns.Backend/Services/Auth/AuthService.cs
View file

@ -358,7 +358,7 @@ public class AuthService(
private static (string, byte[]) GenerateToken() private static (string, byte[]) GenerateToken()
{ {
string token = AuthUtils.RandomToken(); string token = AuthUtils.RandomUrlUnsafeToken();
byte[] hash = SHA512.HashData(Convert.FromBase64String(token)); byte[] hash = SHA512.HashData(Convert.FromBase64String(token));
return (token, hash); return (token, hash);

7
Foxnouns.Backend/Utils/AuthUtils.cs
View file

@ -130,10 +130,11 @@ public static class AuthUtils
return TryFromBase64String(input, out rawToken); return TryFromBase64String(input, out rawToken);
} }
public static string RandomUrlUnsafeToken(int bytes = 48) =>
Convert.ToBase64String(RandomNumberGenerator.GetBytes(bytes)).Trim('=');
public static string RandomToken(int bytes = 48) => public static string RandomToken(int bytes = 48) =>
Convert RandomUrlUnsafeToken()
.ToBase64String(RandomNumberGenerator.GetBytes(bytes))
.Trim('=')
// Make the token URL-safe // Make the token URL-safe
.Replace('+', '-') .Replace('+', '-')
.Replace('/', '_'); .Replace('/', '_');