apps/wg-easy
1
0
Fork 0
mirror of https://github.com/wg-easy/wg-easy.git synced 2025-10-20 22:30:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

fixes: security stuff (#47)

Browse Source 
Insecure randomness (high)
gravatar: md5 insecure hash algorithm (high)
Clear text transmission of sensitive cookie (medium)
This commit is contained in:
Philip H
2023-12-02 22:59:30 +01:00
committed by GitHub
parent 8d3e355591
commit 4c7d763d24
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/lib/Server.js
View File

@@ -2,6 +2,7 @@
const path = require('path');
const bcrypt = require('bcryptjs');
const crypto = require('node:crypto');
const express = require('express');
const expressSession = require('express-session');
@@ -27,9 +28,10 @@ module.exports = class Server {
.use('/', express.static(path.join(__dirname, '..', 'www')))
.use(express.json())
.use(expressSession({
secret: String(Math.random()),
secret: crypto.randomBytes(256).toString('hex'),
resave: true,
saveUninitialized: true,
secure: true,
}))
.get('/api/release', (Util.promisify(async () => {