Merge pull request #552 from MasterKale/feat/530-remove-user-id-footgun

feat/530-remove-user-id-footgun
author: Matthew Miller <matthew@millerti.me> 2024-04-12 13:34:15 -0700
committer: GitHub <noreply@github.com> 2024-04-12 13:34:15 -0700
commit: b2a6e96005660431dc4598eb5d717802b6c238e3 (patch)
tree: daf7b0e5316703898d7621e4da52e7dfabde6802 /packages/server/src/helpers/generateUserID.ts
parent: fe90e2765b2bfab2405ef2875c9c98d39d66416e (diff)
parent: b316c3f6de77824680c8e153e9124aeaf9c10d4f (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/packages/server/src/helpers/generateUserID.ts b/packages/server/src/helpers/generateUserID.ts
new file mode 100644
index 0000000..eaf9bb0
--- /dev/null
+++ b/packages/server/src/helpers/generateUserID.ts
@@ -0,0 +1,21 @@
+import { isoCrypto } from './iso/index.ts';
+
+/**
+ * Generate a suitably random value to be used as user ID
+ */
+export async function generateUserID(): Promise<Uint8Array> {
+  /**
+   * WebAuthn spec says user.id has a max length of 64 bytes. I prefer how 32 random bytes look
+   * after they're base64url-encoded so I'm choosing to go with that here.
+   */
+  const newUserID = new Uint8Array(32);
+
+  await isoCrypto.getRandomValues(newUserID);
+
+  return _generateUserIDInternals.stubThis(newUserID);
+}
+
+// Make it possible to stub the return value during testing
+export const _generateUserIDInternals = {
+  stubThis: (value: Uint8Array) => value,
+};
author	Matthew Miller <matthew@millerti.me>	2024-04-12 13:34:15 -0700
committer	GitHub <noreply@github.com>	2024-04-12 13:34:15 -0700
commit	b2a6e96005660431dc4598eb5d717802b6c238e3 (patch)
tree	daf7b0e5316703898d7621e4da52e7dfabde6802 /packages/server/src/helpers/generateUserID.ts
parent	fe90e2765b2bfab2405ef2875c9c98d39d66416e (diff)
parent	b316c3f6de77824680c8e153e9124aeaf9c10d4f (diff)