mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00
verdaccio/.changeset/gentle-trains-switch.md
Juan Picado e367c3f1e0 feat: improve legacy token signature by removing deprecated crypto.cr… (#1953)
* feat: improve legacy token signature by removing deprecated crypto.createDecipher

* fix: wrong reference

* chore: add debug
2021-04-09 17:54:21 +02:00

1.4 KiB

Packages (each marked major): @verdaccio/api, @verdaccio/auth, @verdaccio/cli, @verdaccio/dev-commons, @verdaccio/config, @verdaccio/commons-api, @verdaccio/file-locking, @verdaccio/htpasswd, @verdaccio/local-storage, @verdaccio/readme, @verdaccio/streams, @verdaccio/types, @verdaccio/hooks, @verdaccio/loaders, @verdaccio/logger, @verdaccio/logger-prettify, @verdaccio/middleware, @verdaccio/mock, @verdaccio/node-api, @verdaccio/proxy, @verdaccio/server, @verdaccio/store, @verdaccio/dev-types, @verdaccio/utils, verdaccio, @verdaccio/web

  • Replace the signature handler for legacy tokens: the deprecated crypto.createDecipher is removed in favour of createCipheriv
  • Introduce environment variables for legacy tokens

Code Improvements

  • Add the debug library to improve the developer experience

Breaking change

  • The new signature invalidates all tokens generated by Verdaccio 4 or earlier versions.
  • The secret key must be 32 characters long.

New environment variables

  • VERDACCIO_LEGACY_ALGORITHM: Defines the algorithm used for the token signature; the default is aes-256-ctr
  • VERDACCIO_LEGACY_ENCRYPTION_KEY: By default, the token is stored in the database; setting this variable allows it to be read from memory instead
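
Why the secret must be exactly 32 characters once an explicit key and IV are passed to createCipheriv with aes-256-ctr, shown as an added example that is not Verdaccio's own code. The function names and the token layout (hex IV, a colon, hex ciphertext) are assumptions made for illustration.

```javascript
// Added example, not Verdaccio's implementation. Helper names and the
// "ivHex:ciphertextHex" token layout are assumptions for illustration.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Environment variable named in this changeset; default as documented above.
const ALGORITHM = process.env.VERDACCIO_LEGACY_ALGORITHM || 'aes-256-ctr';
const KEY_LENGTH = 32; // AES-256 takes a 32-byte key (32 ASCII characters)
const IV_LENGTH = 16; // one AES block

// createCipheriv uses the key bytes as given, so a wrong length is rejected
// up front with a clear error.
function toKey(secret) {
  const key = Buffer.from(secret, 'utf8');
  if (key.length !== KEY_LENGTH) {
    throw new Error(`secret must be ${KEY_LENGTH} characters, got ${key.length}`);
  }
  return key;
}

function encryptLegacyToken(payload, secret) {
  const iv = randomBytes(IV_LENGTH); // fresh IV for every token
  const cipher = createCipheriv(ALGORITHM, toKey(secret), iv);
  const body = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return `${iv.toString('hex')}:${body.toString('hex')}`;
}

// Returns the decoded payload, or null when the token does not have the
// expected layout (for example a token issued in an older format).
function decryptLegacyToken(token, secret) {
  const [ivHex, bodyHex] = String(token).split(':');
  if (!ivHex || !bodyHex || ivHex.length !== IV_LENGTH * 2) {
    return null;
  }
  const iv = Buffer.from(ivHex, 'hex');
  const decipher = createDecipheriv(ALGORITHM, toKey(secret), iv);
  const plain = Buffer.concat([
    decipher.update(Buffer.from(bodyHex, 'hex')),
    decipher.final(),
  ]);
  return plain.toString('utf8');
}
```

aes-256-ctr is unauthenticated: decrypting with the wrong key returns garbage rather than an error, so the decoded payload still has to be validated by the caller.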