mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-22 11:15:23 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: use nanoid instead of shortid

Browse source 
shortid is deprecated and they recommend nanoid instead.
We're not sure if this has to do with possible name
collisions or enumerability, but to be sure and on the
safe side, we're changing this. nanoid seems quite safe
since it uses node's crypto module underneath.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2025-05-05 18:13:58 +02:00
parent 5fdc09512a
commit f9bb121522
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
7 changed files with 24 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/models/note.js
View file

@ -7,7 +7,7 @@ const base64url = require('base64url')
const md = require('markdown-it')()
const metaMarked = require('@hedgedoc/meta-marked')
const cheerio = require('cheerio')
const shortId = require('shortid')
const nanoid = require('nanoid')
const Sequelize = require('sequelize')
const async = require('async')
const moment = require('moment')
@ -37,7 +37,7 @@ module.exports = function (sequelize, DataTypes) {
type: DataTypes.STRING,
unique: true,
allowNull: false,
defaultValue: shortId.generate
defaultValue: () => nanoid.nanoid(10)
},
alias: {
type: DataTypes.STRING,
@ -297,7 +297,7 @@ module.exports = function (sequelize, DataTypes) {
parseNoteIdByShortId: function (_callback) {
// try to parse note id by shortId
try {
if (shortId.isValid(noteId)) {
if (noteId && noteId.length === 10) {
Note.findOne({
where: utils.isMySQL(sequelize)
? sequelize.where(sequelize.fn('BINARY', sequelize.col('shortid')), noteId)