Hash username in MQTT client ID generation

Replaces the plain username in the MQTT client ID with a SHA-1 hash for improved privacy and to avoid exposing usernames in client identifiers.
This commit is contained in:
Pascal Bourque
2025-11-09 10:57:45 -05:00
parent 5fce04543a
commit 2d49a4ddb9


@@ -19,6 +19,7 @@ import {
CognitoUserSession CognitoUserSession
} from 'amazon-cognito-identity-js'; } from 'amazon-cognito-identity-js';
import { iot, mqtt } from 'aws-iot-device-sdk-v2'; import { iot, mqtt } from 'aws-iot-device-sdk-v2';
import { hash } from 'crypto';
import dayjs from 'dayjs'; import dayjs from 'dayjs';
import duration from 'dayjs/plugin/duration.js'; import duration from 'dayjs/plugin/duration.js';
import { customAlphabet } from 'nanoid'; import { customAlphabet } from 'nanoid';
@@ -713,7 +714,9 @@ export class MysaApiClient {
// Per-process stable client id. Random suffix avoids collisions with other running processes. // Per-process stable client id. Random suffix avoids collisions with other running processes.
if (!this._mqttClientId) { if (!this._mqttClientId) {
this._mqttClientId = `mysa-js-sdk-${this.session?.username ?? 'anon'}-${process.pid}-${getRandomClientId()}`; const username = this.session?.username ?? 'anon';
const usernameHash = hash('sha1', username);
this._mqttClientId = `mysa-js-sdk-${usernameHash}-${process.pid}-${getRandomClientId()}`;
} }
const builder = iot.AwsIotMqttConnectionConfigBuilder.new_with_websockets() const builder = iot.AwsIotMqttConnectionConfigBuilder.new_with_websockets()
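Review bot: The unsalted `hash('sha1', username)` in the second hunk produces a stable pseudonym, not anonymization: usernames and e-mail addresses are low-entropy, so the 40-hex digest is recoverable by dictionary lookup and still links every connection from the same account, which is a caveat the description's "improved privacy" wording glosses over. If linkability is the concern, derive the id with a keyed digest, `createHmac('sha256', CLIENT_ID_SECRET /* placeholder: per-installation value */).update(username).digest('hex').slice(0, 16)`; otherwise at least use `createHash('sha256')` and truncate, since the full digest lengthens the client id (AWS IoT Core caps clientId at 128 bytes) and 16 hex chars are ample next to the pid and random suffix. `crypto.hash` only exists from Node 21.7 / 20.12 onward, so confirm the package's engines range or fall back to `createHash`, which every supported Node line provides. The enclosing MysaApiClient method starts before and continues after the hunk.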