Secure random token in Node.js

盖世英雄少女心 2020-11-28 00:05

In this question Erik needs to generate a secure random token in Node.js. There's the method crypto.randomBytes that generates a random Buffer. However, the ba

12 answers
  •  春和景丽
    2020-11-28 00:47

    0. Using nanoid third party library [NEW!]

    A tiny, secure, URL-friendly, unique string ID generator for JavaScript

    https://github.com/ai/nanoid

    import { nanoid } from "nanoid";
    const id = nanoid(48);
    


    1. Base 64 Encoding with URL and Filename Safe Alphabet

    Page 7 of RFC 4648 describes how to encode in base 64 with URL safety. You can use an existing library like base64url to do the job.

    The function will be:

    var crypto = require('crypto');
    var base64url = require('base64url');
    
    /** Sync */
    function randomStringAsBase64Url(size) {
      return base64url(crypto.randomBytes(size));
    }
    

    Usage example:

    randomStringAsBase64Url(20);
    // Returns 'AXSGpLVjne_f7w5Xg-fWdoBwbfs' which is 27 characters long.
    

    Note that the returned string length will not match with the size argument (size != final length).


    2. Crypto random values from limited set of characters

    Beware that with this solution the generated random string is not uniformly distributed.

    You can also build a strong random string from a limited set of characters like that:

    var crypto = require('crypto');
    
    /** Sync */
    function randomString(length, chars) {
      if (!chars) {
        throw new Error('Argument \'chars\' is undefined');
      }
    
      var charsLength = chars.length;
      if (charsLength > 256) {
        throw new Error('Argument \'chars\' should not have more than 256 characters'
          + ', otherwise unpredictability will be broken');
      }
    
      var randomBytes = crypto.randomBytes(length);
      var result = new Array(length);
    
      var cursor = 0;
      for (var i = 0; i < length; i++) {
        cursor += randomBytes[i];
        result[i] = chars[cursor % charsLength];
      }
    
      return result.join('');
    }
    
    /** Sync */
    function randomAsciiString(length) {
      return randomString(length,
        'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');
    }
    

    Usage example:

    randomAsciiString(20);
    // Returns 'rmRptK5niTSey7NlDk5y' which is 20 characters long.
    
    randomString(20, 'ABCDEFG');
    // Returns 'CCBAAGDGBBEGBDBECDCE' which is 20 characters long.
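
Added example, not part of the answer above: one way to make the character-set approach from section 2 uniformly distributed is rejection sampling, shown here with a modulo hit count that makes the bias visible and with Node's built-in `base64url` Buffer encoding as an alternative to the third-party encoder in section 1. The function names and the injectable `rng` parameter are assumptions made for this illustration.

```javascript
// Added example (not the answer's code): uniform tokens via rejection sampling.
const { randomBytes } = require('node:crypto');

// Bytes at or above this limit fall in the incomplete last block of size n
// and must be discarded, otherwise `byte % n` favours the first 256 % n chars.
function acceptLimit(n) {
  return 256 - (256 % n);
}

// Exact hit count per alphabet index when every byte value 0..255 is reduced
// with `% n`; shows the bias that rejection sampling removes.
function moduloCounts(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return counts;
}

// `rng` is a hypothetical injection point for tests; production callers leave
// it at crypto.randomBytes.
function uniformToken(length, chars, rng = randomBytes) {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError('length must be a non-negative integer');
  }
  if (typeof chars !== 'string' || chars.length < 1 || chars.length > 256) {
    throw new RangeError('chars must contain 1 to 256 characters');
  }
  const n = chars.length;
  const limit = acceptLimit(n);
  let out = '';
  while (out.length < length) {
    // Over-request slightly so one call usually covers the rejected bytes.
    const want = Math.ceil(((length - out.length) * 256) / limit) + 1;
    const buf = rng(want);
    for (let i = 0; i < buf.length && out.length < length; i++) {
      if (buf[i] < limit) out += chars[buf[i] % n];
    }
  }
  return out;
}

// URL-safe token using Buffer's built-in 'base64url' encoding
// (Node.js 15.7+ / 14.18+), so no third-party encoder is needed.
function urlSafeToken(byteCount) {
  return randomBytes(byteCount).toString('base64url');
}
```

For the 62-character alphabet, `moduloCounts(62)` reports 5 hits for the first 8 characters and 4 for the rest, which is the skew a plain `byte % 62` would carry into every token position.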
    
