From cb719a54e3b8eecca0da8bdeccf1e332470ccb56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Berg=C3=A9?=
Date: Mon, 30 Dec 2024 16:31:35 +0100
Subject: [PATCH] feat(security): prefix argos token by "argos_"
---
 apps/backend/src/database/models/Project.ts | 6 +++++-
 apps/backend/src/database/models/Team.ts | 2 +-
 apps/backend/src/database/services/crypto.ts | 9 ++++++---
 3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/apps/backend/src/database/models/Project.ts b/apps/backend/src/database/models/Project.ts
index 7bf9a4cc3..dccb201ff 100644
--- a/apps/backend/src/database/models/Project.ts
+++ b/apps/backend/src/database/models/Project.ts
@@ -243,8 +243,12 @@ export class Project extends Model {
 return false;
 }
+ /**
+ * Generate a new token for the project.
+ */
 static async generateToken() {
- return generateRandomHexString();
+ const token = await generateRandomHexString(34);
+ return `argos_${token}`;
 }
 /**
diff --git a/apps/backend/src/database/models/Team.ts b/apps/backend/src/database/models/Team.ts
index 3da04058f..080eae6cc 100644
--- a/apps/backend/src/database/models/Team.ts
+++ b/apps/backend/src/database/models/Team.ts
@@ -179,7 +179,7 @@ export class Team extends Model {
 async $getInviteLink() {
 if (!this.inviteSecret) {
- this.inviteSecret = await generateRandomHexString();
+ this.inviteSecret = await generateRandomHexString(20);
 await Team.query()
 .findById(this.id)
 .patch({ inviteSecret: this.inviteSecret });
diff --git a/apps/backend/src/database/services/crypto.ts b/apps/backend/src/database/services/crypto.ts
index 4f4b1cf9b..f19a15434 100644
--- a/apps/backend/src/database/services/crypto.ts
+++ b/apps/backend/src/database/services/crypto.ts
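Review bot: The `34` passed to `generateRandomHexString` in `Project.generateToken` (Project.ts) is an unexplained magic number, and the new doc comment does not describe the token format. With the reworked helper it yields 34 hex characters, i.e. 17 random bytes or 136 bits, where the old helper always drew 20 bytes; presumably 34 was picked so that the 6-character prefix plus the random part stays at 40 characters. I would extend the comment to state this, e.g. `Returns "argos_" followed by 34 hex characters (17 random bytes); the fixed prefix makes leaked tokens recognisable.` If any code outside this hunk checks tokens by shape, tokens issued before this change have no prefix and still need to be accepted. The `Project` class continues on both sides of the hunk.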
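Review bot: In Team.ts, `generateRandomHexString(20)` halves the strength of the invite secret. The argument is now the length of the hex string, so this call draws 10 random bytes (80 bits), where the old zero-argument helper drew 20 bytes (160 bits, 40 hex characters). The secret is what guards the team invite link, so the call should keep the previous size with `this.inviteSecret = await generateRandomHexString(40);` unless the shorter value is deliberate, in which case the commit message should say so. `$getInviteLink` continues past the end of the hunk.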
@@ -3,7 +3,10 @@ import { promisify } from "node:util";
 const generateRandomBytes = promisify(randomBytes);
-export const generateRandomHexString = async () => {
- const token = await generateRandomBytes(20);
+/**
+ * Generates a random hex string of the given length.
+ */
+export async function generateRandomHexString(length: number): Promise {
+ const token = await generateRandomBytes(length / 2);
 return token.toString("hex");
-};
+}
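Review bot: `generateRandomHexString` passes `length / 2` to `generateRandomBytes` without checking `length`, so an odd, zero or negative value is not rejected here, and an odd request can never produce a string of the requested length. A guard as the first statement would make the contract explicit: `if (!Number.isInteger(length) || length <= 0 || length % 2 !== 0) throw new RangeError("length must be a positive even integer");`. The doc comment should also say what the number counts, e.g. `@param length Number of hex characters to return (two per random byte); must be even.` The old helper fixed the size at 20 bytes, and the Team.ts call in this patch now passes `20` as a character count, which is the kind of unit mix-up the comment would help prevent.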