From 244ef0cb8f82b18c22990ece728f2e1fe8398a62 Mon Sep 17 00:00:00 2001
From: MeiMei <30769358+mei23@users.noreply.github.com>
Date: Sun, 29 Mar 2020 23:16:36 +0900
Subject: トークン系の乱数ソースではcryptoを使うように (#6200)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/server/api/endpoints/app/create.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/server/api/endpoints/app')

diff --git a/src/server/api/endpoints/app/create.ts b/src/server/api/endpoints/app/create.ts
index ac3e8a18d2..776865ffb6 100644
--- a/src/server/api/endpoints/app/create.ts
+++ b/src/server/api/endpoints/app/create.ts
@@ -1,9 +1,9 @@
-import rndstr from 'rndstr';
 import $ from 'cafy';
 import define from '../../define';
 import { Apps } from '../../../../models';
 import { genId } from '../../../../misc/gen-id';
 import { unique } from '../../../../prelude/array';
+import { secureRndstr } from '../../../../misc/secure-rndstr';
 
 export const meta = {
 	tags: ['app'],
@@ -60,7 +60,7 @@ export const meta = {
 
 export default define(meta, async (ps, user) => {
 	// Generate secret
-	const secret = rndstr('a-zA-Z0-9', 32);
+	const secret = secureRndstr(32, true);
 
 	// for backward compatibility
 	const permission = unique(ps.permission.map(v => v.replace(/^(.+)(\/|-)(read|write)$/, '$3:$1')));
-- 
cgit v1.2.3-freya