fix(auth/otpcode): less sensitive key gen for otpcode

Krr0ptioN · Sep 6, 2024 · 7a61a9e · 7a61a9e
1 parent 5a87a50
commit 7a61a9e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 51 deletions.
diff --git a/libs/core/security/src/lib/authentication/domain/value-objects/otpcode.value-object.ts b/libs/core/security/src/lib/authentication/domain/value-objects/otpcode.value-object.ts
@@ -1,15 +1,9 @@
 import { ValueObject } from '@goran/common';
+import otp from "otp-generator";
 
 export class OtpCodeVO extends ValueObject<string> {
-    public static digits = '0123456789abcdefghijklmnopqrstuvwxyz';
-
     static create() {
-        let otpcode = '';
-        const len = OtpCodeVO.digits.length;
-        for (let i = 0; i < 6; i++) {
-            otpcode += OtpCodeVO.digits[Math.floor(Math.random() * len)];
-        }
-        return new OtpCodeVO({ value: otpcode });
+        return new OtpCodeVO({ value: otp.generator(6, { upperCaseAlphabets: false, specialChars: false }) });
     }
 
     protected validate({ value }: { value: string }): void {

diff --git a/package.json b/package.json
@@ -69,6 +69,7 @@
     "next": "14.0.4",
     "next-themes": "^0.3.0",
     "nodemailer": "^6.9.14",
+    "otp-generator": "^4.0.1",
     "oxide.ts": "^1.1.0",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
@@ -131,6 +132,7 @@
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "~18.16.20",
     "@types/nodemailer": "^6.4.15",
+    "@types/otp-generator": "^4.0.2",
     "@types/passport-jwt": "^4.0.1",
     "@types/pg": "^8.11.6",
     "@types/react": "18.2.33",

diff --git a/yarn.lock b/yarn.lock
@@ -2714,6 +2714,7 @@ __metadata:
     "@types/jsonwebtoken": "npm:^9.0.6"
     "@types/node": "npm:~18.16.20"
     "@types/nodemailer": "npm:^6.4.15"
+    "@types/otp-generator": "npm:^4.0.2"
     "@types/passport-jwt": "npm:^4.0.1"
     "@types/pg": "npm:^8.11.6"
     "@types/react": "npm:18.2.33"
@@ -2766,6 +2767,7 @@ __metadata:
     next-themes: "npm:^0.3.0"
     nodemailer: "npm:^6.9.14"
     nx: "npm:18.2.4"
+    otp-generator: "npm:^4.0.1"
     oxide.ts: "npm:^1.1.0"
     passport: "npm:^0.7.0"
     passport-jwt: "npm:^4.0.1"
@@ -10074,6 +10076,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/otp-generator@npm:^4.0.2":
+  version: 4.0.2
+  resolution: "@types/otp-generator@npm:4.0.2"
+  checksum: 10c0/e5e24ba52a2fdbf196f134622e4d8188d1ce7beca6602000855bc99138cb432d080a5bbd54f223ba5066459b1621bb052ac15f4f3c28c67859c7de4ddf6e62e3
+  languageName: node
+  linkType: hard
+
 "@types/parse-json@npm:^4.0.0":
   version: 4.0.2
   resolution: "@types/parse-json@npm:4.0.2"
@@ -15730,13 +15739,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"extend-object@npm:^1.0.0":
-  version: 1.0.0
-  resolution: "extend-object@npm:1.0.0"
-  checksum: 10c0/7644bfe3d2bac31fa3ab0d1aedef2a5a4c27975690f92191ec8a72d6440605f7ad920d60ac356374177ec71b1e3369e7134997b31692e2f7a55a4cb7fbb7ba57
-  languageName: node
-  linkType: hard
-
 "extend-shallow@npm:^2.0.1":
   version: 2.0.1
   resolution: "extend-shallow@npm:2.0.1"
@@ -16760,24 +16762,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"hanji@npm:^0.0.5":
-  version: 0.0.5
-  resolution: "hanji@npm:0.0.5"
-  dependencies:
-    minimist: "npm:^1.2.5"
-    neo-async: "npm:^2.6.2"
-    source-map: "npm:^0.6.1"
-    uglify-js: "npm:^3.1.4"
-    wordwrap: "npm:^1.0.0"
-  dependenciesMeta:
-    uglify-js:
-      optional: true
-  bin:
-    handlebars: bin/handlebars
-  checksum: 10c0/7aff423ea38a14bb379316f3857fe0df3c5d66119270944247f155ba1f08e07a92b340c58edaa00cfe985c21508870ee5183e0634dcb53dd405f35c93ef7f10d
-  languageName: node
-  linkType: hard
-
 "harmony-reflect@npm:^1.4.6":
   version: 1.6.2
   resolution: "harmony-reflect@npm:1.6.2"
@@ -17703,7 +17687,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"is-promise@npm:^2.0.0, is-promise@npm:^2.2.2":
+"is-promise@npm:^2.0.0":
   version: 2.2.2
   resolution: "is-promise@npm:2.2.2"
   checksum: 10c0/2dba959812380e45b3df0fb12e7cb4d4528c989c7abb03ececb1d1fd6ab1cbfee956ca9daa587b9db1d8ac3c1e5738cf217bdb3dfd99df8c691be4c00ae09069
@@ -19733,13 +19717,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"mensch@npm:^0.3.4":
-  version: 0.3.4
-  resolution: "mensch@npm:0.3.4"
-  checksum: 10c0/177f9c1cb1acd93da98a971288a5da99f819ac06de19ca450040b18ddf8728c7ae0ce22309fadbbfd4ceb773bc5c03bf1cb93ceb91441da9e76e010d314da2ea
-  languageName: node
-  linkType: hard
-
 "merge-descriptors@npm:1.0.1":
   version: 1.0.1
   resolution: "merge-descriptors@npm:1.0.1"
@@ -19901,15 +19878,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:^7.4.3":
-  version: 7.4.6
-  resolution: "minimatch@npm:7.4.6"
-  dependencies:
-    brace-expansion: "npm:^2.0.1"
-  checksum: 10c0/e587bf3d90542555a3d58aca94c549b72d58b0a66545dd00eef808d0d66e5d9a163d3084da7f874e83ca8cc47e91c670e6c6f6593a3e7bb27fcc0e6512e87c67
-  languageName: node
-  linkType: hard
-
 "minimatch@npm:^9.0.1, minimatch@npm:^9.0.3, minimatch@npm:^9.0.4":
   version: 9.0.5
   resolution: "minimatch@npm:9.0.5"
@@ -21287,6 +21255,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"otp-generator@npm:^4.0.1":
+  version: 4.0.1
+  resolution: "otp-generator@npm:4.0.1"
+  checksum: 10c0/22822bfa0f914bca9dbbf309acffcfdcf4f4ed6f800e6b3d08d6b442355bb6da15b5d1b3417530cd9db8fed64810ba63923964567d53b03ba6cccde51edc2546
+  languageName: node
+  linkType: hard
+
 "oxide.ts@npm:^1.1.0":
   version: 1.1.0
   resolution: "oxide.ts@npm:1.1.0"
@@ -26742,7 +26717,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"wordwrap@npm:>=0.0.2, wordwrap@npm:^1.0.0":
+"wordwrap@npm:^1.0.0":
   version: 1.0.0
   resolution: "wordwrap@npm:1.0.0"
   checksum: 10c0/7ed2e44f3c33c5c3e3771134d2b0aee4314c9e49c749e37f464bf69f2bcdf0cbf9419ca638098e2717cff4875c47f56a007532f6111c3319f557a2ca91278e92