
feat(auth): remove crypto-random-string in favour of @standardnotes/sncrypto-node

Karol Sójko 3 anos atrás
pai
commit
35f931a708

+ 0 - 9
.pnp.cjs

@@ -2589,7 +2589,6 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
             ["axios", "npm:0.27.2"],\
             ["bcryptjs", "npm:2.4.3"],\
             ["cors", "npm:2.8.5"],\
-            ["crypto-random-string", "npm:3.3.0"],\
             ["dayjs", "npm:1.11.3"],\
             ["dotenv", "npm:16.0.1"],\
             ["eslint", "npm:8.19.0"],\
@@ -5509,14 +5508,6 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
         }]\
       ]],\
       ["crypto-random-string", [\
-        ["npm:3.3.0", {\
-          "packageLocation": "./.yarn/cache/crypto-random-string-npm-3.3.0-4f73472f10-deff986631.zip/node_modules/crypto-random-string/",\
-          "packageDependencies": [\
-            ["crypto-random-string", "npm:3.3.0"],\
-            ["type-fest", "npm:0.8.1"]\
-          ],\
-          "linkType": "HARD"\
-        }],\
         ["npm:4.0.0", {\
           "packageLocation": "./.yarn/cache/crypto-random-string-npm-4.0.0-b9f0f76168-91f148f27b.zip/node_modules/crypto-random-string/",\
           "packageDependencies": [\

BIN
.yarn/cache/crypto-random-string-npm-3.3.0-4f73472f10-deff986631.zip


+ 0 - 1
packages/auth/package.json

@@ -49,7 +49,6 @@
     "axios": "^0.27.2",
     "bcryptjs": "2.4.3",
     "cors": "2.8.5",
-    "crypto-random-string": "3.3.0",
     "dayjs": "^1.11.3",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",

+ 7 - 0
packages/auth/src/Domain/Session/SessionService.spec.ts

@@ -13,6 +13,7 @@ import { RevokedSession } from './RevokedSession'
 import { SettingServiceInterface } from '../Setting/SettingServiceInterface'
 import { LogSessionUserAgentOption } from '@standardnotes/settings'
 import { Setting } from '../Setting/Setting'
+import { CryptoNode } from '@standardnotes/sncrypto-node'
 
 describe('SessionService', () => {
   let sessionRepository: SessionRepositoryInterface
@@ -25,6 +26,7 @@ describe('SessionService', () => {
   let deviceDetector: UAParser
   let timer: TimerInterface
   let logger: winston.Logger
+  let cryptoNode: CryptoNode
 
   const createService = () =>
     new SessionService(
@@ -37,6 +39,7 @@ describe('SessionService', () => {
       123,
       234,
       settingService,
+      cryptoNode,
     )
 
   beforeEach(() => {
@@ -96,6 +99,10 @@ describe('SessionService', () => {
     logger.warn = jest.fn()
     logger.error = jest.fn()
     logger.debug = jest.fn()
+
+    cryptoNode = {} as jest.Mocked<CryptoNode>
+    cryptoNode.generateRandomKey = jest.fn().mockReturnValue('foo bar')
+    cryptoNode.base64URLEncode = jest.fn().mockReturnValue('foobar')
   })
 
   it('should mark a revoked session as received', async () => {
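Review bot: The `cryptoNode` mock added in `beforeEach` cannot catch a regression in token generation: both stubs return fixed strings, so every access and refresh token in these tests is the same value, and nothing asserts the size passed to `generateRandomKey`. The service awaits `generateRandomKey` (see the `SessionService.ts` section), so `jest.fn().mockResolvedValue('foo bar')` would match the contract better than `mockReturnValue`. I would also add `expect(cryptoNode.generateRandomKey).toHaveBeenCalledWith(<expected size>)` to the token-creation tests so the requested token strength is pinned. The `describe` block continues outside these hunks.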

+ 4 - 3
packages/auth/src/Domain/Session/SessionService.ts

@@ -1,7 +1,6 @@
 import * as crypto from 'crypto'
 import * as winston from 'winston'
 import * as dayjs from 'dayjs'
-import * as cryptoRandomString from 'crypto-random-string'
 import { UAParser } from 'ua-parser-js'
 import { inject, injectable } from 'inversify'
 import { v4 as uuidv4 } from 'uuid'
@@ -20,6 +19,7 @@ import { SettingServiceInterface } from '../Setting/SettingServiceInterface'
 import { LogSessionUserAgentOption, SettingName } from '@standardnotes/settings'
 import { SessionBody } from '@standardnotes/responses'
 import { Uuid } from '@standardnotes/common'
+import { CryptoNode } from '@standardnotes/sncrypto-node'
 
 @injectable()
 export class SessionService implements SessionServiceInterface {
@@ -35,6 +35,7 @@ export class SessionService implements SessionServiceInterface {
     @inject(TYPES.ACCESS_TOKEN_AGE) private accessTokenAge: number,
     @inject(TYPES.REFRESH_TOKEN_AGE) private refreshTokenAge: number,
     @inject(TYPES.SettingService) private settingService: SettingServiceInterface,
+    @inject(TYPES.CryptoNode) private cryptoNode: CryptoNode,
   ) {}
 
   async createNewSessionForUser(dto: {
@@ -263,8 +264,8 @@ export class SessionService implements SessionServiceInterface {
   }
 
   private async createTokens(session: Session): Promise<SessionBody> {
-    const accessToken = cryptoRandomString({ length: 16, type: 'url-safe' })
-    const refreshToken = cryptoRandomString({ length: 16, type: 'url-safe' })
+    const accessToken = this.cryptoNode.base64URLEncode(await this.cryptoNode.generateRandomKey(48))
+    const refreshToken = this.cryptoNode.base64URLEncode(await this.cryptoNode.generateRandomKey(48))
 
     const hashedAccessToken = crypto.createHash('sha256').update(accessToken).digest('hex')
     const hashedRefreshToken = crypto.createHash('sha256').update(refreshToken).digest('hex')
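Review bot: In `createTokens`, `generateRandomKey(48)` looks like it lowers the entropy of the session tokens instead of preserving it. As far as I know the sncrypto key generators take their size in bits (not visible in this diff, so worth confirming), which would make each token 48 random bits, against roughly 96 bits for the removed 16-character url-safe string. Both tokens are stored only as unsalted SHA-256 digests on the next lines, which is sound only when the input is too large to enumerate. I would request at least 128 bits, e.g. `this.cryptoNode.base64URLEncode(await this.cryptoNode.generateRandomKey(256))`, and add a comment stating the unit of the argument. The body of `createTokens` continues past the end of the hunk.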

+ 0 - 10
yarn.lock

@@ -1852,7 +1852,6 @@ __metadata:
     axios: ^0.27.2
     bcryptjs: 2.4.3
     cors: 2.8.5
-    crypto-random-string: 3.3.0
     dayjs: ^1.11.3
     dotenv: ^16.0.1
     eslint: ^8.14.0
@@ -4219,15 +4218,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"crypto-random-string@npm:3.3.0":
-  version: 3.3.0
-  resolution: "crypto-random-string@npm:3.3.0"
-  dependencies:
-    type-fest: ^0.8.1
-  checksum: deff9866311a3a17ffd26ecdcebbbe9e1e12cf2fca5dd6e89993c9a03342d6da83f9f82cb0bfd7b31265d45eea710f376bc2af37bf3b053ef0cade920b8b04ba
-  languageName: node
-  linkType: hard
-
 "crypto-random-string@npm:^4.0.0":
   version: 4.0.0
   resolution: "crypto-random-string@npm:4.0.0"