Use CRYPTO_BYTE_SIZE length from the central configuration

Syed Rakib Al Hasan · Syed Rakib Al Hasan · commit 9a39bb707649 · 2016-07-27T17:27:33.000+06:00
instead of specifying crypto byte size lengths individually in every script
diff --git a/LambdAuthChangePassword/index.js b/LambdAuthChangePassword/index.js
@@ -10,7 +10,7 @@ var dynamodb = new AWS.DynamoDB();
 
 function computeHash(password, salt, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	var iterations = 4096;
 
 	if (3 == arguments.length) {
diff --git a/LambdAuthCreateUser/index.js b/LambdAuthCreateUser/index.js
@@ -12,7 +12,7 @@ var ses = new AWS.SES();
 
 function computeHash(password, salt, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	var iterations = 4096;
 
 	if (3 == arguments.length) {
@@ -32,7 +32,7 @@ function computeHash(password, salt, fn) {
 
 function storeUser(email, password, salt, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	crypto.randomBytes(len, function(err, token) {
 		if (err) return fn(err);
 		token = token.toString('hex');
diff --git a/LambdAuthLogin/index.js b/LambdAuthLogin/index.js
@@ -11,7 +11,7 @@ var cognitoidentity = new AWS.CognitoIdentity();
 
 function computeHash(password, salt, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	var iterations = 4096;
 
 	if (3 == arguments.length) {
diff --git a/LambdAuthLostPassword/index.js b/LambdAuthLostPassword/index.js
@@ -31,7 +31,7 @@ function getUser(email, fn) {
 
 function storeLostToken(email, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	crypto.randomBytes(len, function(err, token) {
 		if (err) return fn(err);
 		token = token.toString('hex');
diff --git a/LambdAuthResetPassword/index.js b/LambdAuthResetPassword/index.js
@@ -10,7 +10,7 @@ var dynamodb = new AWS.DynamoDB();
 
 function computeHash(password, salt, fn) {
 	// Bytesize
-	var len = 128;
+	var len = config.CRYPTO_BYTE_SIZE;
 	var iterations = 4096;
 
 	if (3 == arguments.length) {
diff --git a/README.md b/README.md
@@ -45,6 +45,7 @@ The `init.sh` script requires a configured [AWS Command Line Interface (CLI)](ht
 - the AWS region (e.g. "eu-west-1")
 - the Amazon S3 bucket to use for the sample HTML pages
 - the Cache-Control: max-age value, in seconds, to use on Amazon S3 (e.g. if distributed by [Amazon CloudFront](http://aws.amazon.com/cloudfront/) or another CDN)
+- the cryptographically generated byte size: the length of the various randomly generated hashes / keys / tokens etc can be altered from here centrally. If you choose to use different lengths for the different strings generated by the different lambda functions, you can override this value in those particular lambda scripts individually as desired
 - the Amazon DynamoDB table to create/use
 - the Amazon Cognito identity pool name to create/use (the identity pool id is automatically overwritten if present in the config.json file)
 - the Developer Provider Name to use with Amazon Cognito
@@ -60,6 +61,7 @@ The `init.sh` script requires a configured [AWS Command Line Interface (CLI)](ht
   "REGION": "eu-west-1",
   "BUCKET": "bucket",
   "MAX_AGE": "10",
+  "CRYPTO_BYTE_SIZE": 128,
   "DDB_TABLE": "LambdAuthUsers",
   "IDENTITY_POOL_NAME": "LambdAuth",
   "DEVELOPER_PROVIDER_NAME": "login.mycompany.myapp",
diff --git a/config.json b/config.json
@@ -4,6 +4,7 @@
   "REGION": "eu-west-1",
   "BUCKET": "bucket",
   "MAX_AGE": "10",
+  "CRYPTO_BYTE_SIZE": 128,
   "DDB_TABLE": "LambdAuthUsers",
   "IDENTITY_POOL_NAME": "LambdAuth",
   "DEVELOPER_PROVIDER_NAME": "login.mycompany.myapp",
