add hashAlgorithm to options; move hash to object instance property #16
Conversation
|
A security pal pointed out that sha1 has myriad security concerns, was asked to use a different algorithm. Fortunately, it's an easy task to extend the initialization Node crypto supports anything available in its native OS : https://nodejs.org/api/crypto.html#crypto_crypto_createhash_algorithm_options
|
buzcarter
force-pushed
the
feature/crypto-hash-algorithm-option
branch
from
2cc630a to
cf459a7
Compare
| @@ -148,9 +163,9 @@ Tokens.prototype.verify = function verify (secret, token) { | |||
| * @private | |||
| */ | |||
|
|
|||
| function hash (str) { | |||
| Tokens.prototype.hash = function hash (str) { | |||
There was a problem hiding this comment.
this is the biggest change: moving this method from a private "helper" to a public class method, all necessitated by needing access to this.hashAlgorithm.
Is the naming convention to prepend an underscore to indicate private? (which would be great, IMHO -- _hash)
No description provided.