Junie: security cleanups.

2025-06-06 13:50:37 -07:00
parent 95d96732d2
commit 23c7a65799
13 changed files with 812 additions and 119 deletions
--- a/cmd/mcias/token.go
+++ b/cmd/mcias/token.go
@@ -1,7 +1,9 @@
 package main

 import (
+	"crypto/rand"
 	"database/sql"
+	"encoding/hex"
 	"fmt"
 	"log"
 	"os"
@@ -76,7 +78,14 @@ func addToken() {
 		logger.Fatalf("Failed to check if user exists: %v", err)
 	}

-	token := ulid.Make().String()
+	// Generate 16 bytes of random data
+	tokenBytes := make([]byte, 16)
+	if _, err := rand.Read(tokenBytes); err != nil {
+		logger.Fatalf("Failed to generate random token: %v", err)
+	}
+
+	// Hex encode the random bytes to get a 32-character string
+	token := hex.EncodeToString(tokenBytes)

 	expires := time.Now().Add(time.Duration(tokenDuration) * time.Hour).Unix()