Implement rotating salt.

Mike Cao 2020-08-20 19:38:20 -07:00
parent 5cade59111
commit c95d8e8a01
2 changed files with 8 additions and 2 deletions


@ -2,9 +2,11 @@ import crypto from 'crypto';
import { v4, v5, validate } from 'uuid'; import { v4, v5, validate } from 'uuid';
import bcrypt from 'bcrypt'; import bcrypt from 'bcrypt';
import { JWT, JWE, JWK } from 'jose'; import { JWT, JWE, JWK } from 'jose';
import { startOfMonth } from 'date-fns';
const SALT_ROUNDS = 10; const SALT_ROUNDS = 10;
const KEY = JWK.asKey(Buffer.from(secret())); const KEY = JWK.asKey(Buffer.from(secret()));
const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());
const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
export function hash(...args) { export function hash(...args) {
@ -15,10 +17,14 @@ export function secret() {
return hash(process.env.HASH_SALT); return hash(process.env.HASH_SALT);
} }
export function salt() {
return v5([secret(), ROTATING_SALT].join(''), v5.DNS);
}
export function uuid(...args) { export function uuid(...args) {
if (!args.length) return v4(); if (!args.length) return v4();
return v5(args.join(''), v5.DNS); return v5(args.join(''), salt());
} }
export function isValidId(s) { export function isValidId(s) {
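Review bot: `ROTATING_SALT` is evaluated once at module load, so a long-running process keeps the salt of the month it started in and only rotates on restart. Computing the value inside `salt()` would make rotation follow the calendar, e.g. `return v5([secret(), hash(startOfMonth(new Date()).toUTCString())].join(''), v5.DNS);`. `startOfMonth` works in the process's local time zone, so instances with different TZ settings may derive different salts near a month boundary; confirm that is acceptable or compute the month start in UTC. Because `uuid(...args)` now uses `salt()` as its v5 namespace, every derived id changes each month, so a comment on `uuid` should say it must not be used for identifiers that need to stay stable (its callers are outside this hunk).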


@ -1,6 +1,6 @@
{ {
"name": "umami", "name": "umami",
"version": "0.11.0", "version": "0.12.0",
"description": "A simple, fast, website analytics alternative to Google Analytics. ", "description": "A simple, fast, website analytics alternative to Google Analytics. ",
"author": "Mike Cao <mike@mikecao.com>", "author": "Mike Cao <mike@mikecao.com>",
"license": "MIT", "license": "MIT",