github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 16:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden channel token and id generation

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 10:09:55 +01:00
parent c3e13175d2
commit ae8d4a8eec
9 changed files with 81 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/infra/outbound/delivery-queue.ts
View File

@@ -1,9 +1,9 @@
import crypto from "node:crypto";
import fs from "node:fs";
import path from "node:path";
import type { ReplyPayload } from "../../auto-reply/types.js";
import type { OpenClawConfig } from "../../config/config.js";
import { resolveStateDir } from "../../config/paths.js";
import { generateSecureUuid } from "../secure-random.js";
import type { OutboundChannel } from "./targets.js";
const QUEUE_DIRNAME = "delivery-queue";
@@ -83,7 +83,7 @@ export async function enqueueDelivery(
stateDir?: string,
): Promise<string> {
const queueDir = await ensureQueueDir(stateDir);
const id = crypto.randomUUID();
const id = generateSecureUuid();
const entry: QueuedDelivery = {
id,
enqueuedAt: Date.now(),

20
src/infra/secure-random.test.ts Normal file
View File

@@ -0,0 +1,20 @@
import { describe, expect, it } from "vitest";
import { generateSecureToken, generateSecureUuid } from "./secure-random.js";
describe("secure-random", () => {
it("generates UUIDs", () => {
const first = generateSecureUuid();
const second = generateSecureUuid();
expect(first).not.toBe(second);
expect(first).toMatch(
/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i,
);
});
it("generates url-safe tokens", () => {
const defaultToken = generateSecureToken();
const token18 = generateSecureToken(18);
expect(defaultToken).toMatch(/^[A-Za-z0-9_-]+$/);
expect(token18).toMatch(/^[A-Za-z0-9_-]{24}$/);
});
});

9
src/infra/secure-random.ts Normal file
View File

@@ -0,0 +1,9 @@
import { randomBytes, randomUUID } from "node:crypto";
export function generateSecureUuid(): string {
return randomUUID();
}
export function generateSecureToken(bytes = 16): string {
return randomBytes(bytes).toString("base64url");
}