From 78ff27ae829038804c431a56022f037e63b1b67f Mon Sep 17 00:00:00 2001
From: nyne
Date: Fri, 30 May 2025 20:20:39 +0800
Subject: [PATCH] Use crypto/rand for secure key generation in JWT

---
 server/utils/jwt.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/server/utils/jwt.go b/server/utils/jwt.go
index 6a192cc..06d12a9 100644
--- a/server/utils/jwt.go
+++ b/server/utils/jwt.go
@@ -1,9 +1,9 @@
 package utils
 
 import (
+ "crypto/rand"
 "errors"
 "github.com/golang-jwt/jwt/v5"
- "math/rand"
 "os"
 "time"
 )
@@ -19,13 +19,12 @@ func init() {
 key = secret
 } else {
 // Initialize the key with a random value
- chars := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 key = make([]byte, 32)
- for i := range key {
- r := rand.Intn(len(chars))
- key[i] = byte(chars[r])
+ _, err := rand.Read(key)
+ if err != nil {
+ panic("Failed to generate random key: " + err.Error())
 }
- err = os.WriteFile(secretFilePath, key, 0644)
+ _ = os.WriteFile(secretFilePath, key, 0644)
 }
 }
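Review bot: In the second hunk, `_ = os.WriteFile(secretFilePath, key, 0644)` stores the JWT signing key in a file that every local account can read and discards the write error, so a failed write presumably leaves the server generating a fresh key on each start and invalidating issued tokens without any log line. Create the file owner-only and surface the failure, for example `if err := os.WriteFile(secretFilePath, key, 0600); err != nil { panic("Failed to persist JWT key: " + err.Error()) }`, or log it if an ephemeral key is acceptable. `os.WriteFile` applies the mode only when it creates the file, so key files already on disk keep 0644 and, as far as the `key = secret` context line suggests, are still loaded in preference to a new key; keys produced by the old `math/rand` code therefore stay in use until the file is deleted or rotated, which is worth stating in the commit message or release notes. The start of `init()` and the condition selecting this `else` branch are outside the hunk, so whether a stored secret is checked for length before use cannot be confirmed from here.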