From 1d4185a4cc9cf80a4d5050af21f1fc623ea76cfd Mon Sep 17 00:00:00 2001 From: Alexander Chabin Date: Wed, 11 Oct 2023 16:40:10 +0500 Subject: [PATCH] Use `crypto` module for ekaterinburg.rf tokens (#83) --- api/model/ekaterinburg-rf/ekaterinburg-rf.ts | 46 +++++++++----------- api/package.json | 1 - pnpm-lock.yaml | 29 +++++++----- 3 files changed, 38 insertions(+), 38 deletions(-) diff --git a/api/model/ekaterinburg-rf/ekaterinburg-rf.ts b/api/model/ekaterinburg-rf/ekaterinburg-rf.ts index 06105410..75531387 100644 --- a/api/model/ekaterinburg-rf/ekaterinburg-rf.ts +++ b/api/model/ekaterinburg-rf/ekaterinburg-rf.ts @@ -1,6 +1,6 @@ import fetch from 'node-fetch'; import _ from 'lodash'; -import sha1 from 'js-sha1'; +import crypto from 'crypto'; import { ServerRoute, @@ -167,7 +167,7 @@ export class EkaterinburgRfModel { this.incrementRequestId(); - let { magicStr, guidStr } = shaenc(method, this.requestId, this.sid); + const token = getRequestToken(method, this.requestId, this.sid); const requestBody = { id: this.requestId, @@ -176,7 +176,7 @@ export class EkaterinburgRfModel { params: { ...params, sid: this.sid, - magic: magicStr, + magic: token.magic, }, }; @@ -186,7 +186,7 @@ export class EkaterinburgRfModel { }; const requestUrl = new URL(marhsrutEkaterinburgRfJsonRpcLink); - requestUrl.searchParams.append('m', guidStr); + requestUrl.searchParams.append('m', token.guid); let response = await fetch(requestUrl.href, fetchOptions); let body = (await response.json()) as JsonRpcResponse; 
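Review bot: The added `import crypto from 'crypto';` in the first hunk pulls in the whole module as a default import, though only `createHash` is used. `import { createHash } from 'node:crypto';`, with the call becoming `createHash('sha1')`, names the one function needed and makes it explicit that the Node builtin is meant rather than an npm package of the same name. The `node:` prefix needs a Node version that supports it, which this patch does not show.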
@@ -199,13 +199,13 @@ export class EkaterinburgRfModel { requestBody.params.sid = this.sid; requestBody.id = this.requestId; - ({ magicStr, guidStr } = shaenc(method, this.requestId, this.sid)); - requestBody.params.magic = magicStr; + const token = getRequestToken(method, this.requestId, this.sid); + requestBody.params.magic = token.magic; fetchOptions.body = JSON.stringify(requestBody); const retryRequestUrl = new URL(marhsrutEkaterinburgRfJsonRpcLink); - retryRequestUrl.searchParams.append('m', guidStr); + retryRequestUrl.searchParams.append('m', token.guid); response = await fetch(retryRequestUrl.href, fetchOptions); body = (await response.json()) as JsonRpcResponse; @@ -239,32 +239,28 @@ export class EkaterinburgRfModel { } } -// Getting magic values for requests to ekaterinburg.rf -function shaenc(method: JsonRpcMethods, id: number, sid: string) { - // connecting into one string - const str = method + '-' + id + '-' + sid; +// Getting request token for requests to ekaterinburg.rf +function getRequestToken(method: JsonRpcMethods, id: number, sid: string) { + const token = `${method}-${id}-${sid}`; + const tokenEnc = crypto.createHash('sha1').update(token).digest('hex'); - // calculating hash - const shaStr = sha1(str); - - // turn first and last 16 symbols into GUID - const guidStr = - shaStr.substr(0, 8) + + // transorm first and last 16 symbols into GUID + const guid = + tokenEnc.substr(0, 8) + '-' + - shaStr.substr(8, 4) + + tokenEnc.substr(8, 4) + '-' + - shaStr.substr(12, 4) + + tokenEnc.substr(12, 4) + '-' + - shaStr.substr(24, 4) + + tokenEnc.substr(24, 4) + '-' + - shaStr.substr(28, 12); + tokenEnc.substr(28, 12); // turn 8 middle symbols into magic string - const magicStr = shaStr.substr(16, 8); + const magic = tokenEnc.substr(16, 8); - // formatting result return { - magicStr, - guidStr, + guid, + magic }; } diff --git a/api/package.json b/api/package.json index 1c7857f8..d6703f61 100644 --- a/api/package.json +++ b/api/package.json 
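Review bot: The retry path in the `@@ -199,13` hunk declares a second `const token`, while the `@@ -167,7` hunk already declares `const token` earlier in what appears to be the same method. Indentation is not visible here: if the retry code sits in a nested block, this compiles but shadows the outer binding, and if it shares the scope it is a redeclaration error. Following the name already used for `retryRequestUrl`, `const retryToken = getRequestToken(method, this.requestId, this.sid);` with `retryToken.magic` and `retryToken.guid` keeps the two values distinct. The enclosing method starts and ends outside the hunk.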
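Review bot: `getRequestToken` in the `@@ -239,32` hunk still slices the digest with `substr`, a legacy (Annex B) method, and the new comment has a typo (`transorm`). Using `slice(start, end)` makes the hex ranges visible directly, and an explicit return type documents the `{ guid, magic }` shape for both call sites. The header comment should also say that SHA-1 is used only because the remote endpoint presumably expects this derivation, and that `guid` and `magic` are request-format values, not a secret or an integrity check. Otherwise the next maintainer may reuse the helper as if it were a MAC.

```typescript
function getRequestToken(method: JsonRpcMethods, id: number, sid: string): { guid: string; magic: string } {
  // … unchanged: token string and its SHA-1 hex digest (tokenEnc) …

  // hex chars 0-15 and 24-39 of the digest, laid out as a GUID
  const guid = [
    tokenEnc.slice(0, 8),
    tokenEnc.slice(8, 12),
    tokenEnc.slice(12, 16),
    tokenEnc.slice(24, 28),
    tokenEnc.slice(28, 40),
  ].join('-');

  // hex chars 16-23 of the digest
  const magic = tokenEnc.slice(16, 24);

  // … unchanged: return { guid, magic } …
```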
@@ -10,7 +10,6 @@ }, "dependencies": { "express": "^4.18.2", - "js-sha1": "^0.6.0", "lodash": "^4.17.21", "node-fetch": "^2.7.0", "transport-common": "workspace:*", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 7e5d2336..f26f332d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,5 +1,9 @@ lockfileVersion: '6.0' +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + importers: .: @@ -29,15 +33,12 @@ importers: express: specifier: ^4.18.2 version: 4.18.2 - js-sha1: - specifier: ^0.6.0 - version: 0.6.0 lodash: specifier: ^4.17.21 version: 4.17.21 node-fetch: specifier: ^2.7.0 - version: 2.7.0(encoding@0.1.13) + version: 2.7.0 transport-common: specifier: workspace:* version: link:../common @@ -4547,10 +4548,6 @@ packages: reflect.getprototypeof: 1.0.4 dev: true - /js-sha1@0.6.0: - resolution: {integrity: sha512-01gwBFreYydzmU9BmZxpVk6svJJHrVxEN3IOiGl6VO93bVKYETJ0sIth6DASI6mIFdt7NmfX9UiByRzsYHGU9w==} - dev: false - /js-tokens@4.0.0: resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} @@ -4935,6 +4932,18 @@ packages: whatwg-url: 5.0.0 dev: false + /node-fetch@2.7.0: + resolution: {integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==} + engines: {node: 4.x || >=6.0.0} + peerDependencies: + encoding: ^0.1.0 + peerDependenciesMeta: + encoding: + optional: true + dependencies: + whatwg-url: 5.0.0 + dev: false + /node-fetch@2.7.0(encoding@0.1.13): resolution: {integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==} engines: {node: 4.x || >=6.0.0} @@ -6477,7 +6486,3 @@ packages: /zod@3.21.4: resolution: {integrity: sha512-m46AKbrzKVzOzs/DZgVnG5H55N1sv1M8qZU3A8RIKbs3mrACDNeIOeilDymVb2HdmP8uwshOCF4uJ8uM9rCqJw==} dev: false - -settings: - autoInstallPeers: true - excludeLinksFromLockfile: false