Feature/improve generation of random strings (#3196)

* Replace Math.random() with crypto.randomBytes() * Update changelog
3 months ago · 50391e199a
parent a33f8d5bed
commit 50391e199a
2 changed files with 5 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Changed

+- Replaced `Math.random()` with `crypto.randomBytes()` for generating cryptographically secure random strings
 - Upgraded `ionicons` from version `7.1.0` to `7.3.0`
 - Upgraded `yahoo-finance2` from version `2.10.0` to `2.11.0`
 - Upgraded `zone.js` from version `0.14.3` to `0.14.4`
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
@ -452,14 +452,15 @@ export class UserService {
  }

  private getRandomString(length: number) {
+    const bytes = crypto.randomBytes(length);
    const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    const result = [];

    for (let i = 0; i < length; i++) {
-      result.push(
-        characters.charAt(Math.floor(Math.random() * characters.length))
-      );
+      const randomByte = bytes[i];
+      result.push(characters[randomByte % characters.length]);
    }
+
    return result.join('');
  }
 }