fix: harden device pairing token generation and verification (#16535)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: bcbb50e368
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
Gustavo Madeira Santana
2026-02-14 16:23:33 -05:00
committed by GitHub
parent b97191b81a
commit 48b3d7096c
6 changed files with 134 additions and 29 deletions


@@ -0,0 +1,12 @@
import { randomBytes } from "node:crypto";
import { safeEqualSecret } from "../security/secret-equal.js";
export const PAIRING_TOKEN_BYTES = 32;
export function generatePairingToken(): string {
return randomBytes(PAIRING_TOKEN_BYTES).toString("base64url");
}
export function verifyPairingToken(provided: string, expected: string): boolean {
return safeEqualSecret(provided, expected);
}
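Review bot: verifyPairingToken hands both arguments straight to safeEqualSecret with no check for empty values, so whether an empty `provided` can match an empty or defaulted `expected` (for example a device record with no token stored) depends entirely on a helper whose body is not visible in this hunk. I would make the fail-closed behaviour explicit here by adding `if (!provided || !expected) return false;` before the comparison. The new exports also carry no documentation; a TSDoc on generatePairingToken such as `/** Returns PAIRING_TOKEN_BYTES (32) bytes from node:crypto randomBytes, base64url-encoded (43 chars, no padding). */` would help. A matching line on verifyPairingToken should say that the comparison is delegated to safeEqualSecret and should not be replaced with `===`.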