From 1ec659f8c7cbf527c32e842d8a2cf8f4cb5aa39f Mon Sep 17 00:00:00 2001
From: Peter Stuifzand <peter@stuifzand.eu>
Date: Sun, 17 Feb 2019 11:50:27 +0100
Subject: [PATCH] Add crypto library to generate random state key

---
 indieauth.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/indieauth.js b/indieauth.js
index f624675..0236f31 100644
--- a/indieauth.js
+++ b/indieauth.js
@@ -1,4 +1,5 @@
 var Micropub = require('micropub-helper');
+var crypto = require('crypto');
 
 module.exports = function (RED) {
     function IndieauthNode(n) {
@@ -16,7 +17,9 @@ module.exports = function (RED) {
     RED.httpAdmin.get('/indieauth/auth', function (req, res) {
         var node_id = req.query.id;
         var redirect_uri = req.query.callback;
-        var state = node_id + ':1234';
+
+        var random_part = crypto.randomBytes(20).toString('hex');
+        var state = node_id + ':' + random_part;
 
         const micropub = new Micropub({
             clientId: req.query.client_id,