github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-07 10:59:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden device pairing token generation and verification

Browse Source 
Improved token generation in newToken() and added timing-safe token
comparison in verifyDeviceToken() following the existing pattern from
gateway auth.
This commit is contained in:
Kolega.dev
2026-02-14 18:23:15 +00:00
committed by Gustavo Madeira Santana
parent b97191b81a
commit 37c4db02ab
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/infra/device-pairing.ts
View File

@@ -1,4 +1,4 @@
import { randomUUID } from "node:crypto";
import { randomUUID, randomBytes } from "node:crypto";
import { safeEqualSecret } from "../security/secret-equal.js";
import {
createAsyncLock,
@@ -176,7 +176,7 @@ function scopesAllow(requested: string[], allowed: string[]): boolean {
}
function newToken() {
return randomUUID().replaceAll("-", "");
return randomBytes(32).toString("base64url");
}
export async function listDevicePairing(baseDir?: string): Promise<DevicePairingList> {