From eb6cffc960c8189c23d7088eb0bb9fe4ecb4adaf Mon Sep 17 00:00:00 2001
From: Ferenc Schulcz <schulcz.ferenc@gmail.com>
Date: Thu, 6 Feb 2025 14:12:29 +0100
Subject: [PATCH] Require token seed at registration

---
 middleware/registerMW.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/middleware/registerMW.js b/middleware/registerMW.js
index 11875be..4f08c11 100644
--- a/middleware/registerMW.js
+++ b/middleware/registerMW.js
@@ -43,6 +43,15 @@ module.exports = function () {
 			return;
 		}
 
+		if (!('tokenseed' in req.query)) {
+			res.locals.statuscode = 400;
+			res.locals.answer = { message: "Also provide token seed." };
+			next();
+			return;
+		}
+
+		const tokenSeed = req.query.tokenseed
+
 		return db.domainExists(domain).then((exists) => {
 			if (exists) {
 				res.locals.statuscode = 400;
@@ -50,7 +59,7 @@ module.exports = function () {
 				next();
 				return;
 			} else {
-				const token = md5(domain + randomInt(2 ** 31 - 1) + randomInt(2 ** 31 - 1)).toString('hex');
+				const token = md5(domain + tokenSeed).toString('hex');
 				return db.registerDomain(domain, token)
 					.catch(() => {
 						res.locals.statuscode = 500;
-- 
GitLab