fix(auth): replace Math.random() with crypto.randomInt for OTP

Math.random() is not a CSPRNG, so the OTP can be predicted. Replaced with
crypto.randomInt(1000, 10000) from the Node.js built-in crypto module.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-08 16:15:39 +08:00
parent b0a020871f
commit c5bbafa20a
2 changed files with 53 additions and 2 deletions

@@ -1,4 +1,5 @@
import { randomInt } from "crypto";
export function randomOTP() {
const random = Math.floor(Math.random() * (9000 - 1000 )) + 1000
return random;
return randomInt(1000, 10000);
}
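
Review bot: `return randomInt(1000, 10000);` in `randomOTP()` still draws from only 9000 values (1000 to 9999, since the upper bound is exclusive), so the CSPRNG removes predictability but not guessability. Please confirm that the verification path limits attempts per code and expires codes, because nothing in this hunk shows it. The removed expression `Math.random() * (9000 - 1000)` plus 1000 produced 1000 to 8999, so this change also widens the range. That is worth stating in the commit message, since the message only mentions the generator swap. If codes with leading zeros are acceptable, `randomInt(0, 10000)` padded to four digits would use the full 4-digit space, at the cost of returning a string instead of a number.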