From 02975a0abd6bd8685354f65fdb32029b8dba819b Mon Sep 17 00:00:00 2001
From: Levente Orban
Date: Tue, 28 Oct 2025 07:46:02 +0100
Subject: [PATCH] fix: insecure randomness

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/lib/generateUserId.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib/generateUserId.ts b/src/lib/generateUserId.ts
index fd8ecee..2d97717 100644
--- a/src/lib/generateUserId.ts
+++ b/src/lib/generateUserId.ts
@@ -1,5 +1,8 @@
+import { randomBytes } from 'crypto';
+
 export const generateUserId = () => {
- const userId = 'user_' + Date.now() + '_' + Math.random().toString(36).substr(2, 9);
+ const secureRandomString = randomBytes(8).toString('base36').substr(0, 9);
+ const userId = 'user_' + Date.now() + '_' + secureRandomString;
 return userId;
 };
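Review bot: The added line `randomBytes(8).toString('base36')` will throw when `generateUserId` is called, because `'base36'` is not an encoding that Node's `Buffer.toString` accepts; the `36` in the removed line was a radix for `Number.prototype.toString`, which does not carry over to buffers. Use a supported encoding and keep all of the random bytes, for example `const secureRandomString = randomBytes(8).toString('hex');`. The `.substr(0, 9)` truncation would discard part of the 64 bits, and `substr` is deprecated in favour of `slice`. If this module can also be bundled for the browser (not visible from this patch), the Node `crypto` import will not resolve there, and `globalThis.crypto.randomUUID()` would be the portable choice. A unit test that simply calls `generateUserId()` and checks the shape of the result would have caught the encoding error.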