use crypto for random token generation; not async

stackernews · Jan 14, 2025 · 08a148e · 08a148e
1 parent e7f781f
commit 08a148e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pages/api/auth/[...nextauth].js b/pages/api/auth/[...nextauth].js
@@ -1,4 +1,4 @@
-import { createHash } from 'node:crypto'
+import { createHash, randomInt } from 'node:crypto'
 import NextAuth from 'next-auth'
 import CredentialsProvider from 'next-auth/providers/credentials'
 import GitHubProvider from 'next-auth/providers/github'
@@ -273,7 +273,7 @@ const getProviders = res => [
     server: process.env.LOGIN_EMAIL_SERVER,
     from: process.env.LOGIN_EMAIL_FROM,
     maxAge: 5 * 60, // expires in 5 minutes
-    generateVerificationToken: async () => { return await randomizeToken() },
+    generateVerificationToken: randomizeToken,
     sendVerificationRequest
   })
 ]
@@ -369,7 +369,7 @@ export default async (req, res) => {
 }
 
 function randomizeToken () {
-  return Math.floor(100000 + Math.random() * 900000).toString()
+  return randomInt(100000, 1000000).toString()
 }
 
 async function sendVerificationRequest ({