Skip to content

Commit

Permalink
Use random string for securing socketIO pn iOS
Browse files Browse the repository at this point in the history
  • Loading branch information
vinkabuki committed Oct 17, 2023
1 parent 8f476a2 commit 140801b
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion packages/mobile/ios/Quiet/AppDelegate.m
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,19 @@ - (void) createDataDirectory {
self.dataPath = [dataDirectory create];
}

NSString* randomStringWithLength(int length) {
NSString *letters = @"0123456789";
NSMutableString *randomString = [NSMutableString stringWithCapacity:length];

for (int i=0; i<length; i++) {
uint32_t rand = arc4random_uniform((uint32_t)[letters length]);
unichar character = [letters characterAtIndex:rand];
[randomString appendFormat:@"%C", character];
}

return randomString;
}

- (void) initWebsocketConnection {
/*
* We have to wait for RCTBridge listeners to be initialized, yet we must be sure to deliver the event containing data port information.
Expand All @@ -116,7 +129,7 @@ - (void) spinupBackend:(BOOL)init {
FindFreePort *findFreePort = [FindFreePort new];

self.dataPort = [findFreePort getFirstStartingFromPort:11000];
self.socketIOSecret = @"SECRET";
self.socketIOSecret = randomStringWithLength(20);

uint16_t socksPort = [findFreePort getFirstStartingFromPort:12000];
uint16_t controlPort = [findFreePort getFirstStartingFromPort:14000];
Expand Down

0 comments on commit 140801b

Please sign in to comment.