frankcollins3 / Next-Water-App

Happy, Healthy Water Cycling App that tracks user/human fluid intake.
https://next-water-app.vercel.app

JWT handling of secret key [4:56pm] #59

Closed frankcollins3 closed 1 year ago

frankcollins3 commented 1 year ago

attempting to do: rebuild login route

error: handling of JWT

proposed approach:

a system such as utils.js -> JWT_SECRET_KEY_ARRAY [water, cupofwater, pool, coldwater, warmwater]; concatenate the user ID onto one of the above string values.

maybe env -> NEXT_PUBLIC_JWT_SECRET_KEY

// already removed username to login. has to be signed up user.

frankcollins3 commented 1 year ago

we would not really want to use that method because: at least with a small user count it could be easy to try to pinpoint other userIDs

malicious behavior would only need: array of possible choices, enough time to match choices -> users

[5:05pm]

frankcollins3 commented 1 year ago

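npm i crypto. it's not a built-in node module

```js
import crypto from 'crypto'

// Returns 64 random bytes, hex-encoded (a 128-character string).
export const JWTsecretKeyMaker = () => {
  return crypto.randomBytes(64).toString('hex')
}
```

[9:50pm]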
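The concern raised in the second comment, set beside the `randomBytes(64)` secret from the last one, as an added example that is not code from the Next-Water-App repository. The helpers `signHS256`, `verifyHS256` and `auditWordListSecret`, the user ID range of 1 to 1000 and the sample tokens are assumptions constructed for the illustration, and it uses CommonJS `require` so it runs as a plain Node script.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Minimal HS256 signer (header.payload.signature), enough for the check below.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Constant-time signature check only (no alg, expiry or claim validation).
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const expected = createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Audit: does the token verify under any word + user ID secret?
// Returns how many candidates were tried before a match, or null if none verifies.
function auditWordListSecret(token, words, maxUserId) {
  let tried = 0;
  for (const word of words) {
    for (let id = 1; id <= maxUserId; id++) {
      tried++;
      if (verifyHS256(token, `${word}${id}`)) return tried;
    }
  }
  return null;
}

// Constructed sample data: the five words from the issue, a hypothetical ID range.
const WORDS = ['water', 'cupofwater', 'pool', 'coldwater', 'warmwater'];
const MAX_USER_ID = 1000;

const weakToken = signHS256({ sub: 42 }, 'coldwater42');
const strongSecret = randomBytes(64).toString('hex'); // same call as JWTsecretKeyMaker
const strongToken = signHS256({ sub: 42 }, strongSecret);

console.log('word-list secret matched after', auditWordListSecret(weakToken, WORDS, MAX_USER_ID), 'of', WORDS.length * MAX_USER_ID, 'candidates');
console.log('random secret matched:', auditWordListSecret(strongToken, WORDS, MAX_USER_ID));
```

The generated value belongs in a server-only environment variable: Next.js inlines variables prefixed with `NEXT_PUBLIC_` into the browser bundle, so a signing secret stored under such a name is readable by every visitor.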