ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add comment about magic login code security (#2544)

Browse Source
This commit is contained in:
ekzyis 2025-09-17 22:50:55 +02:00 committed by GitHub
parent a0dffb2f18
commit 21b4c4befb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pages/api/auth/[...nextauth].js
View File

@ -408,7 +408,9 @@ function generateRandomString (length = 6, charset = BECH32_CHARSET) {
const bytes = randomBytes(length) const bytes = randomBytes(length)
let result = '' let result = ''
// Map each byte to a character in the charset // Even though we're creating biased numbers by mapping each byte to a bech32 character,
// this is still secure because it provides 30 bits of security (32^6 = 2^30)
// and we are limiting the number of attempts.
for (let i = 0; i < length; i++) { for (let i = 0; i < length; i++) {
result += charset[bytes[i] % charset.length] result += charset[bytes[i] % charset.length]
} }