I am creating a re-director of sorts in nodejs. I have a few values like userid // superid
these I would like to hash to prevent users from retrieving the url and fakin
Here's what I used. Comments welcome :-)
The important bit is buffer.toString('base64'), then URL-safeing that base64 string with a couple of replace()s.
function newId() {
// Get random string with 20 bytes secure randomness
var crypto = require('crypto');
var id = crypto.randomBytes(20).toString('base64');
// Make URL safe
return id.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
Based on the implementation here.
Makes a string safe for URL's and local email addresses (before the @).
You could use a so called URL safe variant of Base64. The most common variant, described in RFC 4648, uses -
and _
instead of +
and /
respectively, and omits padding characters (=
).
Most implementations of Base64 support this URL safe variant too, though if yours doesn't, it's easy enough to do manually.