github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 05:41:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden channel token and id generation

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-22 10:09:55 +01:00
parent c3e13175d2
commit ae8d4a8eec
9 changed files with 81 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/infra/outbound/delivery-queue.ts
View File

@@ -1,9 +1,9 @@
import crypto from "node:crypto";
import fs from "node:fs";
import path from "node:path";
import type { ReplyPayload } from "../../auto-reply/types.js";
import type { OpenClawConfig } from "../../config/config.js";
import { resolveStateDir } from "../../config/paths.js";
import { generateSecureUuid } from "../secure-random.js";
import type { OutboundChannel } from "./targets.js";
const QUEUE_DIRNAME = "delivery-queue";
@@ -83,7 +83,7 @@ export async function enqueueDelivery(
stateDir?: string,
): Promise<string> {
const queueDir = await ensureQueueDir(stateDir);
const id = crypto.randomUUID();
const id = generateSecureUuid();
const entry: QueuedDelivery = {
id,
enqueuedAt: Date.now(),