topaLE
/
uptime-kuma
1
0
Fork 0
Code Issues 185 Pull Requests 26 Projects Releases 28 Wiki Activity
Browse Source

increased pushToken security

andreasbrett/securepush
Andreas Brett 3 years ago
parent
5df34cd137
commit
d62561c3be
4 changed files with 15 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      db/patch-monitor-push_token.sql
  2. 1
      src/languages/de-DE.js
  3. 1
      src/languages/en.js
  4. 13
      src/pages/EditMonitor.vue

2
db/patch-monitor-push_token.sql
View File

@ -2,6 +2,6 @@
BEGIN TRANSACTION; BEGIN TRANSACTION;
ALTER TABLE monitor ALTER TABLE monitor
ADD push_token VARCHAR(20) DEFAULT NULL; ADD push_token VARCHAR(32) DEFAULT NULL;
COMMIT; COMMIT;

1
src/languages/de-DE.js
View File

@ -304,4 +304,5 @@ export default {
"One record": "Ein Eintrag", "One record": "Ein Eintrag",
steamApiKeyDescription: "Um einen Steam Game Server zu überwachen, wird ein Steam Web-API-Schlüssel benötigt. Dieser kann hier registriert werden: ", steamApiKeyDescription: "Um einen Steam Game Server zu überwachen, wird ein Steam Web-API-Schlüssel benötigt. Dieser kann hier registriert werden: ",
"Current User": "Aktueller Benutzer", "Current User": "Aktueller Benutzer",
"Reset Token": "Token zurücksetzen",
}; };

1
src/languages/en.js
View File

@ -307,4 +307,5 @@ export default {
steamApiKeyDescription: "For monitoring a Steam Game Server you need a Steam Web-API key. You can register your API key here: ", steamApiKeyDescription: "For monitoring a Steam Game Server you need a Steam Web-API key. You can register your API key here: ",
"Current User": "Current User", "Current User": "Current User",
recent: "Recent", recent: "Recent",
"Reset Token": "Reset Token",
}; };

13
src/pages/EditMonitor.vue
View File

@ -55,6 +55,9 @@
{{ $t("needPushEvery", [monitor.interval]) }}<br /> {{ $t("needPushEvery", [monitor.interval]) }}<br />
{{ $t("pushOptionalParams", ["msg, ping"]) }} {{ $t("pushOptionalParams", ["msg, ping"]) }}
</div> </div>
<button class="btn btn-primary" type="button" @click="resetToken">
{{ $t("Reset Token") }}
</button>
</div> </div>
<!-- Keyword --> <!-- Keyword -->
@ -287,6 +290,8 @@ import { genSecret, isDev } from "../util.ts";
const toast = useToast(); const toast = useToast();
const pushTokenLength = 32;
export default { export default {
components: { components: {
CopyableInput, CopyableInput,
@ -370,7 +375,9 @@ export default {
"monitor.type"() { "monitor.type"() {
if (this.monitor.type === "push") { if (this.monitor.type === "push") {
if (! this.monitor.pushToken) { if (! this.monitor.pushToken) {
this.monitor.pushToken = genSecret(10); // ideally this would require checking if the generated token is already used
// it's very unlikely to get a collision though (62^32 ~ 2.27265788 * 10^57 unique tokens)
this.monitor.pushToken = genSecret(pushTokenLength);
} }
} }
} }
@ -470,6 +477,10 @@ export default {
return true; return true;
}, },
resetToken() {
this.monitor.pushToken = genSecret(pushTokenLength);
},
async submit() { async submit() {
this.processing = true; this.processing = true;

Write Preview
Loading…
Cancel
Save