From ba13626d467176d09b6302ad31c83f5c74957c33 Mon Sep 17 00:00:00 2001
From: Sam Hadow
Date: Sat, 8 Feb 2025 19:41:50 +0100
Subject: [PATCH] crypto.randomBytes() instead of Math.random()

---
 src/app.js | 4 +++-
 src/controllers/account.js | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/app.js b/src/app.js
index 74ff019..65061a3 100644
--- a/src/app.js
+++ b/src/app.js
@@ -9,15 +9,17 @@ app.use(cookieParser());
 // bootstrap
 app.use('/css', express.static(__dirname + '/node_modules/bootstrap/dist/css'));
-// app.use(express.static('public'));
+//routes
 const routes = require(__dirname + '/routes');
 app.use("/", routes);
+//start server
 var server = http.listen(port, () => {
 console.log(`server is running on port ${server.address().port}`);
 });
+//socket.io
 io.on('connection', (socket) => {
 socket.on('chat message', (msg) => {
 console.log(`message: ${msg}, id: ${socket.id}`);
diff --git a/src/controllers/account.js b/src/controllers/account.js
index 113d022..3c923c3 100644
--- a/src/controllers/account.js
+++ b/src/controllers/account.js
@@ -1,12 +1,14 @@
+const crypto = require('crypto');
 const accountController = {
 getCookie: (req, res) => {
 console.log("site loaded")
 console.log(req.cookies)
- var cookie = req.cookies.user;
+ let cookie = req.cookies.user;
 if (!cookie) {
- var randomNumber=Math.random().toString();
- randomNumber=randomNumber.substring(2,randomNumber.length);
+ //crypto.randomBytes() instead of Math.random() for cryptographically secure random numbers
+ let randomBuffer = crypto.randomBytes(16); // 128bits of entropy
+ let randomNumber = randomBuffer.toString('hex');
 let options = {
 maxAge: 86400000, // 1 day
 httpOnly: true
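Review bot: The three section comments added to src/app.js are written `//routes`, `//start server` and `//socket.io`, while the existing comment one line above them is `// bootstrap` with a space after the slashes; the new comments should follow the file's existing form, e.g. `// routes`, `// start server`, `// socket.io`. Replacing the commented-out `app.use(express.static('public'))` line with a heading is an improvement, since dead code kept in comments tends to be re-enabled later without review. Below `//socket.io` the hunk is context only, and the `io.on('connection', …)` handler it opens continues outside the hunk.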