chore: implement insecure fallback function

dcangulo · dcangulo · commit 47227f7e3196 · 2023-12-05T00:02:58.000+08:00
diff --git a/src/generate-random-bytes.native.ts b/src/generate-random-bytes.native.ts
@@ -1,40 +1,28 @@
 import { NativeModules } from 'react-native';
-import { fallbackRandomBase64String, BYTE_LENGTH } from './utils';
+import { getRandomBase64StringFallback, BYTE_LENGTH } from './utils';
 
 export default function generateRandomBytes(): string {
   const globalObject: any = global;
 
   if (globalObject?.ExpoModules?.ExpoRandom) {
-    const bytes = globalObject.ExpoModules.ExpoRandom.getRandomBase64String(BYTE_LENGTH);
-
-    return bytes;
+    return globalObject.ExpoModules.ExpoRandom.getRandomBase64String(BYTE_LENGTH);
   }
 
   if (globalObject?.ExpoModules?.ExpoCrypto) {
-    const bytes = globalObject.ExpoModules.ExpoCrypto.getRandomBase64String(BYTE_LENGTH);
-
-    return bytes;
+    return globalObject.ExpoModules.ExpoCrypto.getRandomBase64String(BYTE_LENGTH);
   }
 
   if (NativeModules.ExpoRandom) {
-    const bytes = NativeModules.ExpoRandom.getRandomBase64String(BYTE_LENGTH);
-
-    return bytes;
+    return NativeModules.ExpoRandom.getRandomBase64String(BYTE_LENGTH);
   }
 
   if (NativeModules.ExpoCrypto) {
-    const bytes = NativeModules.ExpoCrypto.getRandomBase64String(BYTE_LENGTH);
-
-    return bytes;
+    return NativeModules.ExpoCrypto.getRandomBase64String(BYTE_LENGTH);
   }
 
   if (globalObject?.PkceChallenge) {
-    const bytes = globalObject.PkceChallenge.getRandomBase64String(BYTE_LENGTH);
-
-    return bytes;
+    return globalObject.PkceChallenge.getRandomBase64String(BYTE_LENGTH);
   }
 
-  const bytes = fallbackRandomBase64String(BYTE_LENGTH);
-
-  return bytes;
+  return getRandomBase64StringFallback(BYTE_LENGTH);
 }
diff --git a/src/utils.ts b/src/utils.ts
@@ -25,16 +25,11 @@ export function verifyChallenge(verifier: string, challenge: string) {
   return correctChallenge === challenge;
 }
 
-export function fallbackRandomBase64String(byteLength: number) {
-  const u8 = new Uint8Array(byteLength);
-  let r: number;
+export function getRandomBase64StringFallback(byteLength: number) {
+  console.warn('Native getRandomValues function not found. Falling back to insecure Math.random.');
 
-  u8.map((_, i) => {
-    if ((i & 0x03) === 0 || r === undefined) r = Math.random() * 0x100000000;
-    return (r >>> ((i & 0x03) << 3)) & 0xff;
-  });
-
-  const bytes = base64.encode(String.fromCharCode(...new Uint8Array(u8)));
+  const buffer = new Uint8Array(byteLength).map(() => Math.floor(Math.random() * 256));
+  const bytes = base64.encode(String.fromCharCode(...new Uint8Array(buffer)));
 
   return bytes;
 }
