using crypto for random string

2 files changed, 5 insertions, 9 deletions

diff --git a/auth.js b/auth.js
index 872b4aa..8ee803d 100644
--- a/auth.js
+++ b/auth.js
@@ -2,8 +2,8 @@ export default {
 
   async logIn(graffitiURL) {
     // Generate a random client secret and state
-    const clientSecret = this.randomString()
-    const state = this.randomString()
+    const clientSecret = crypto.randomUUID()
+    const state = crypto.randomUUID()
 
     // The client ID is the secret's hex hash
     const clientID = await this.sha256(clientSecret)
@@ -114,10 +114,6 @@ export default {
     return url
   },
 
-  randomString() {
-    return Math.random().toString(36).substr(2)
-  },
-
   async sha256(input) {
     const encoder = new TextEncoder()
     const inputBytes = encoder.encode(input)
diff --git a/graffiti.js b/graffiti.js
index 1b3365e..94e1ebe 100644
--- a/graffiti.js
+++ b/graffiti.js
@@ -52,7 +52,7 @@ export default class {
 
   async request(msg) {
     // Create a random message ID
-    const messageID = Auth.randomString()
+    const messageID = crypto.randomUUID()
 
     // Create a listener for the reply
     const dataPromise = new Promise(resolve => {
@@ -149,7 +149,7 @@ export default class {
     queryID=null) {
 
     // Create a random query ID
-    if (!queryID) queryID = Auth.randomString()
+    if (!queryID) queryID = crypto.randomUUID()
 
     // Send the request
     await this.request({
@@ -209,7 +209,7 @@ export default class {
     }
 
     // Pre-generate the object's ID if it does not already exist
-    if (!object._id) object._id = Auth.randomString()
+    if (!object._id) object._id = crypto.randomUUID()
   }
 
   // Utility function to get a universally unique string