kjanat/livedash-node
1
0
Fork 0
mirror of https://github.com/kjanat/livedash-node.git synced 2026-01-16 10:12:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from kjanat/alert-autofix-1

Browse Source 
Potential fix for code scanning alert no. 1: Insecure randomness
This commit is contained in:
Kaj Kowalski
2025-05-22 07:42:05 +02:00
committed by GitHub
parent 8284326016 7a3ebc30d3
commit 97af5d9dcf
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pages/api/dashboard/users.ts
View File

@ -1,4 +1,5 @@
import { NextApiRequest, NextApiResponse } from "next"; import { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";
import { getServerSession } from "next-auth"; import { getServerSession } from "next-auth";
import { prisma } from "../../../lib/prisma"; import { prisma } from "../../../lib/prisma";
import bcrypt from "bcryptjs"; import bcrypt from "bcryptjs";
@ -43,7 +44,7 @@ export default async function handler(
return res.status(400).json({ error: "Missing fields" }); return res.status(400).json({ error: "Missing fields" });
const exists = await prisma.user.findUnique({ where: { email } }); const exists = await prisma.user.findUnique({ where: { email } });
if (exists) return res.status(409).json({ error: "Email exists" }); if (exists) return res.status(409).json({ error: "Email exists" });
const tempPassword = Math.random().toString(36).slice(-8); // random initial password const tempPassword = crypto.randomBytes(12).toString('base64').slice(0, 12); // secure random initial password
await prisma.user.create({ await prisma.user.create({
data: { data: {
email, email,