push monitor: increase token security (#912)

* increased pushToken security * Merge manually --------- Co-authored-by: Andreas Brett <github@abrett.de> Co-authored-by: Louis Lam <louislam@users.noreply.github.com>
2025-08-21 13:10:46 +08:00 · 2023-10-11 13:28:06 +02:00
parent 67d0ef571d
commit 42bf27fe5a
3 changed files with 27 additions and 1 deletions
--- a/src/pages/EditMonitor.vue
+++ b/src/pages/EditMonitor.vue
@@ -119,6 +119,9 @@
                                    {{ $t("needPushEvery", [monitor.interval]) }}<br />
                                    {{ $t("pushOptionalParams", ["status, msg, ping"]) }}
                                </div>
+                                <button class="btn btn-primary" type="button" @click="resetToken">
+                                    {{ $t("Reset Token") }}
+                                </button>
                            </div>

                            <!-- Keyword -->
@@ -847,6 +850,8 @@ import { sleep } from "../util";

 const toast = useToast();

+const pushTokenLength = 32;
+
 const monitorDefaults = {
    type: "http",
    name: "",
@@ -1145,7 +1150,9 @@ message HealthCheckResponse {
        "monitor.type"() {
            if (this.monitor.type === "push") {
                if (! this.monitor.pushToken) {
-                    this.monitor.pushToken = genSecret(10);
+                    // ideally this would require checking if the generated token is already used
+                    // it's very unlikely to get a collision though (62^32 ~ 2.27265788 * 10^57 unique tokens)
+                    this.monitor.pushToken = genSecret(pushTokenLength);
                }
            }

@@ -1348,6 +1355,10 @@ message HealthCheckResponse {
            return true;
        },

+        resetToken() {
+            this.monitor.pushToken = genSecret(pushTokenLength);
+        },
+
        /**
         * Submit the form data for processing
         * @returns {void}