push monitor: increase token security (#912)

* increased pushToken security

* Merge manually

---------

Co-authored-by: Andreas Brett <github@abrett.de>
Co-authored-by: Louis Lam <louislam@users.noreply.github.com>
pull/3889/head
Andreas Brett 2023-10-11 13:28:06 +02:00 committed by GitHub
parent 67d0ef571d
commit 42bf27fe5a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 1 deletions

View File

@ -0,0 +1,14 @@
exports.up = function (knex) {
// update monitor.push_token to 32 length
return knex.schema
.alterTable("monitor", function (table) {
table.string("push_token", 32).alter();
});
};
exports.down = function (knex) {
return knex.schema
.alterTable("monitor", function (table) {
table.string("push_token", 20).alter();
});
};

View File

@ -244,6 +244,7 @@
"successMessage": "Success Message",
"successMessageExplanation": "MQTT message that will be considered as success",
"recent": "Recent",
"Reset Token": "Reset Token",
"Done": "Done",
"Info": "Info",
"Security": "Security",

View File

@ -119,6 +119,9 @@
{{ $t("needPushEvery", [monitor.interval]) }}<br />
{{ $t("pushOptionalParams", ["status, msg, ping"]) }}
</div>
<button class="btn btn-primary" type="button" @click="resetToken">
{{ $t("Reset Token") }}
</button>
</div>
<!-- Keyword -->
@ -847,6 +850,8 @@ import { sleep } from "../util";
const toast = useToast();
const pushTokenLength = 32;
const monitorDefaults = {
type: "http",
name: "",
@ -1145,7 +1150,9 @@ message HealthCheckResponse {
"monitor.type"() {
if (this.monitor.type === "push") {
if (! this.monitor.pushToken) {
this.monitor.pushToken = genSecret(10);
// ideally this would require checking if the generated token is already used
// it's very unlikely to get a collision though (62^32 ~ 2.27265788 * 10^57 unique tokens)
this.monitor.pushToken = genSecret(pushTokenLength);
}
}
@ -1348,6 +1355,10 @@ message HealthCheckResponse {
return true;
},
resetToken() {
this.monitor.pushToken = genSecret(pushTokenLength);
},
/**
* Submit the form data for processing
* @returns {void}