From 0fa4e1107b0e280dfbbe75367c7106eca091d9db Mon Sep 17 00:00:00 2001 From: nocnico Date: Mon, 28 Apr 2025 20:22:39 +0200 Subject: [PATCH] Implement safe crypto --- .../_components/pannel/OpenButton.tsx | 20 ---------- apps/dispatch/app/dispatch/page.tsx | 2 - apps/hub/app/(app)/admin/user/action.ts | 7 +++- .../app/(auth)/oauth/_components/action.ts | 40 +++++++++++-------- apps/hub/app/(auth)/passwort-reset/action.ts | 6 ++- 5 files changed, 33 insertions(+), 42 deletions(-) delete mode 100644 apps/dispatch/app/dispatch/_components/pannel/OpenButton.tsx diff --git a/apps/dispatch/app/dispatch/_components/pannel/OpenButton.tsx b/apps/dispatch/app/dispatch/_components/pannel/OpenButton.tsx deleted file mode 100644 index b3dc1a33..00000000 --- a/apps/dispatch/app/dispatch/_components/pannel/OpenButton.tsx +++ /dev/null @@ -1,20 +0,0 @@ -"use client"; -import { usePannelStore } from "_store/pannelStore"; -import { cn } from "helpers/cn"; - -export const OpenButton = () => { - const { setOpen, isOpen } = usePannelStore(); - return ( - - ); -}; diff --git a/apps/dispatch/app/dispatch/page.tsx b/apps/dispatch/app/dispatch/page.tsx index 6987fde9..02ea12c2 100644 --- a/apps/dispatch/app/dispatch/page.tsx +++ b/apps/dispatch/app/dispatch/page.tsx @@ -1,6 +1,5 @@ "use client"; -import { OpenButton } from "dispatch/_components/pannel/OpenButton"; import { Pannel } from "dispatch/_components/pannel/Pannel"; import { usePannelStore } from "_store/pannelStore"; import { cn } from "helpers/cn"; @@ -13,7 +12,6 @@ const DispatchPage = () => {
{/* */}
-
{ }; export const resetPassword = async (id: string) => { - const password = Math.random().toString(36).slice(-8); + const array = new Uint8Array(8); + crypto.getRandomValues(array); + const password = Array.from(array, (byte) => + ("0" + (byte % 36).toString(36)).slice(-1), + ).join(""); const hashedPassword = await bcrypt.hash(password, 12); const user = await prisma.user.update({ diff --git a/apps/hub/app/(auth)/oauth/_components/action.ts b/apps/hub/app/(auth)/oauth/_components/action.ts index 52204e89..1385a754 100644 --- a/apps/hub/app/(auth)/oauth/_components/action.ts +++ b/apps/hub/app/(auth)/oauth/_components/action.ts @@ -1,24 +1,30 @@ -'use server'; -import { getServerSession } from '../../../api/auth/[...nextauth]/auth'; -import { Service } from '../page'; -import { PrismaClient } from '@repo/db'; +"use server"; +import { getServerSession } from "../../../api/auth/[...nextauth]/auth"; +import { Service } from "../page"; +import { PrismaClient } from "@repo/db"; const prisma = new PrismaClient(); export const generateToken = async (service: Service) => { - const session = await getServerSession(); - if (!session) return null; + const session = await getServerSession(); + if (!session) return null; - const accessToken = Array.from({ length: 10 }, () => - Math.floor(Math.random() * 10) - ).join(''); + const key = await crypto.subtle.generateKey( + { name: "HMAC", hash: "SHA-256" }, + true, + ["sign"], + ); + const exportedKey = await crypto.subtle.exportKey("raw", key); + const accessToken = Array.from(new Uint8Array(exportedKey)) + .map((byte) => byte.toString(16).padStart(2, "0")) + .join(""); - const code = await prisma.oAuthToken.create({ - data: { - clientId: service.id, - userId: session.user.id, - accessToken: accessToken, - }, - }); - return code; + const code = await prisma.oAuthToken.create({ + data: { + clientId: service.id, + userId: session.user.id, + accessToken: accessToken, + }, + }); + return code; }; 
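Review bot: Generating an exportable HMAC signing key in generateToken only to export its raw bytes as the bearer token is an indirect source of randomness; the key is never used to sign anything, so the two async WebCrypto calls and the "HMAC"/"SHA-256" names mislead the next reader about what accessToken is. The same cryptographically random bytes come directly from `const accessToken = Array.from(crypto.getRandomValues(new Uint8Array(32)), (b) => b.toString(16).padStart(2, "0")).join("");` (32 bytes is ample for a bearer token; the HMAC default key length is the hash block size, so the current token is presumably 64 bytes / 128 hex characters). The token is still written to the oAuthToken row and returned to the caller in plaintext; that predates this commit, but now that the value is a real secret it may be worth storing only a hash of it and handing the plaintext out once. The hunk also re-quotes and re-indents the whole file, which buries the one-line crypto change in formatting noise; a separate formatting commit would keep this change reviewable on its own.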
diff --git a/apps/hub/app/(auth)/passwort-reset/action.ts b/apps/hub/app/(auth)/passwort-reset/action.ts index f4c17585..83308f74 100644 --- a/apps/hub/app/(auth)/passwort-reset/action.ts +++ b/apps/hub/app/(auth)/passwort-reset/action.ts @@ -16,7 +16,11 @@ export const resetPassword = async (email: string) => { return { error: "Nutzer nicht gefunden" }; } - const password = Math.random().toString(36).slice(-8); + const array = new Uint8Array(8); + crypto.getRandomValues(array); + const password = Array.from(array, (byte) => + ("0" + (byte % 36).toString(36)).slice(-1), + ).join(""); const hashedPassword = await bcrypt.hash(password, 12); await prisma.user.update({ where: {
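Review bot: `byte % 36` in the new password loop is modulo-biased: a byte has 256 values and 256 is not a multiple of 36, so symbols 0–3 are drawn 8/256 of the time while the other 32 symbols are drawn 7/256. The `"0" + … .slice(-1)` around it is dead code as well, since `(byte % 36).toString(36)` is always exactly one character. Because this file is a server action, `randomInt` from `node:crypto` gives unbiased draws and also removes the reliance on a global `crypto`, which depends on the Node version: `import { randomInt } from "node:crypto";` at the top and `const password = Array.from({ length: 8 }, () => randomInt(36).toString(36)).join("");` in place of the five added lines. The same construction appears in the apps/hub/app/(app)/admin/user/action.ts hunk earlier in this patch and should be changed the same way. resetPassword's body continues past the end of the hunk.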