sam.hadow/e2ee-messaging-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto.randomBytes() instead of Math.random()

Browse Source
This commit is contained in:
Sam Hadow
2025-02-08 19:41:50 +01:00
parent 8250e4f98f
commit ba13626d46
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/controllers/account.js
View File

@ -1,12 +1,14 @@
const crypto = require('crypto');
const accountController = {
getCookie: (req, res) => {
console.log("site loaded")
console.log(req.cookies)
var cookie = req.cookies.user;
let cookie = req.cookies.user;
if (!cookie) {
var randomNumber=Math.random().toString();
randomNumber=randomNumber.substring(2,randomNumber.length);
//crypto.randomBytes() instead of Math.random() for cryptographically secure random numbers
let randomBuffer = crypto.randomBytes(16); // 128bits of entropy
let randomNumber = randomBuffer.toString('hex');
let options = {
maxAge: 86400000, // 1 day
httpOnly: true