Equivalent to python's uuid.uuid4().hex in javascript?

About

Asked 5/4, 2018 at 3:33 Answered 12/3, 2021 at 18:27

javascript python security cryptography uuid

Python has functionality to create hex UUID's like so:

>>> import uuid
>>> uuid.uuid4().hex
'47be94c37e484e13ab04ed3c54a5b681'

Is it possible to do the same in client javascript, with the same hex formatting?
Is there a way to "validate" the UUID the client sends back? I.e. prevent or notice if a malicious user sends back "1234abcdsh*t..."

A solution idea is to just generate each of the 32 characters randomly on the frontend, but I don't know if there's anything special about the hex UUID's, and I'm also not sure if there's a good way to validate the client sent back a valid value (and not a series of 32 a's)

Edit: just realized there's nothing special about the "hex" formatting, it's just missing the dashes. Will leave that bullet up in case it confuses anyone else.

Armillary answered 5/4, 2018 at 3:33 Comment(9)

Is there a way to validate the client sends back a valid UUID? && I'm also not sure if there's a good way to validate the client sent back a valid value - can you clarify what it is you want then? (besides can you do this in JavaScript) – Dolf 5/4, 2018 at 3:35

Well that wasn't so hard...I like Google, I recommend it really: github.com/kelektiv/node-uuid – Dolf 5/4, 2018 at 3:37

Possible duplicate of Create GUID / UUID in JavaScript? – Dolf 5/4, 2018 at 3:38

while that duplicate has some interesting answers, for a v4 UUID nothing beats

const uuidv4 = () => ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));

... or

const uuidv4hex = () => ([1e7,1e3,4e3,8e3,1e11].join('')).replace(/[018]/g, c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));

for the .hex equivalent :p – Resorcinol 5/4, 2018 at 3:48

@JaromandaX the second function is what I was looking for! Would it be possible to add or link an explanation? Meanwhile, would still be interested if anyone knows how to make sure "abcd1234sh*t..." isn't sent back by a malicious user. – Armillary 5/4, 2018 at 3:52

well, validating would require code on the server to check - you haven't specified your server language, so, all I can say is that you need to make sure the 13th? character is 4, and and the 17th character is 8->f (I think) – Resorcinol 5/4, 2018 at 3:55

Server language is python3 (running flask) – Armillary 5/4, 2018 at 3:58

Ah, found the source of the code snippet: gist.github.com/jed/982883 – Armillary 5/4, 2018 at 4:5

Also found a way to validate uuid4 in python: gist.github.com/ShawnMilo/7777304, and assume there isn't a much better way short of using probability/statistics. Thank you for all the help – Armillary 5/4, 2018 at 4:7

You can use buffer to convert to hex conveniently.

const uuid = require('uuid')
const buffer = Buffer.alloc(16);

uuid.v4({}, buffer);
console.log(buffer.toString('hex'));

Not the cleanest and most elegant solution but will get the job done.

Pustulant answered 12/3, 2021 at 18:27 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags