6

Python has functionality to create hex UUID's like so:

>>> import uuid
>>> uuid.uuid4().hex
'47be94c37e484e13ab04ed3c54a5b681'
  • Is it possible to do the same in client javascript, with the same hex formatting?
  • Is there a way to "validate" the UUID the client sends back? I.e. prevent or notice if a malicious user sends back "1234abcdsh*t..."

A solution idea is to just generate each of the 32 characters randomly on the frontend, but I don't know if there's anything special about the hex UUID's, and I'm also not sure if there's a good way to validate the client sent back a valid value (and not a series of 32 a's)

Edit: just realized there's nothing special about the "hex" formatting, it's just missing the dashes. Will leave that bullet up in case it confuses anyone else.

raphaelrk
  • 757
  • 10
  • 17
  • _Is there a way to validate the client sends back a valid UUID?_ && _I'm also not sure if there's a good way to validate the client sent back a valid value_ - can you clarify what it is you want then? (besides can you do this in JavaScript) – Randy Casburn Apr 05 '18 at 03:35
  • Well that wasn't so hard...I like Google, I recommend it really: https://github.com/kelektiv/node-uuid – Randy Casburn Apr 05 '18 at 03:37
  • 1
    Possible duplicate of [Create GUID / UUID in JavaScript?](https://stackoverflow.com/questions/105034/create-guid-uuid-in-javascript) – Randy Casburn Apr 05 '18 at 03:38
  • 2
    while that duplicate has some interesting answers, for a v4 UUID nothing beats `const uuidv4 = () => ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));` ... or `const uuidv4hex = () => ([1e7,1e3,4e3,8e3,1e11].join('')).replace(/[018]/g, c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));` for the `.hex` equivalent :p – Jaromanda X Apr 05 '18 at 03:48
  • @JaromandaX the second function is what I was looking for! Would it be possible to add or link an explanation? Meanwhile, would still be interested if anyone knows how to make sure "abcd1234sh*t..." isn't sent back by a malicious user. – raphaelrk Apr 05 '18 at 03:52
  • 1
    well, validating would require code on the server to check - you haven't specified your server language, so, all I can say is that you need to make sure the 13th? character is 4, and and the 17th character is `8->f` (I think) – Jaromanda X Apr 05 '18 at 03:55
  • Server language is python3 (running flask) – raphaelrk Apr 05 '18 at 03:58
  • Ah, found the source of the code snippet: https://gist.github.com/jed/982883 – raphaelrk Apr 05 '18 at 04:05
  • Also found a way to validate uuid4 in python: https://gist.github.com/ShawnMilo/7777304, and assume there isn't a much better way short of using probability/statistics. Thank you for all the help – raphaelrk Apr 05 '18 at 04:07

1 Answers1

2

You can use buffer to convert to hex conveniently.

const uuid = require('uuid')
const buffer = Buffer.alloc(16);

uuid.v4({}, buffer);
console.log(buffer.toString('hex'));

Not the cleanest and most elegant solution but will get the job done.

roarky
  • 148
  • 1
  • 7