From c95efee8ec32da73a961abb31bd62330eec19775 Mon Sep 17 00:00:00 2001
From: Amruth Pillai
Date: Thu, 24 Mar 2022 08:45:22 +0100
Subject: [PATCH] perf(security): generate random salt rounds integer

---
 server/src/auth/auth.service.ts | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/server/src/auth/auth.service.ts b/server/src/auth/auth.service.ts
index daab9bff..e57814c1 100644
--- a/server/src/auth/auth.service.ts
+++ b/server/src/auth/auth.service.ts
@@ -3,6 +3,7 @@ import { ConfigService } from '@nestjs/config';
 import { JwtService } from '@nestjs/jwt';
 import { SchedulerRegistry } from '@nestjs/schedule';
 import bcrypt from 'bcrypt';
+import { randomInt } from 'crypto';
 import { google } from 'googleapis';
 
 import { PostgresErrorCode } from '@/database/errorCodes.enum';
@@ -22,12 +23,8 @@ export class AuthService {
     private jwtService: JwtService
   ) {}
 
-  private getRandomSaltRounds(min: number, max: number) {
-    return Math.floor(Math.random() * (max - min + 1) + min);
-  }
-
   async register(registerDto: RegisterDto) {
-    const hashedPassword = await bcrypt.hash(registerDto.password, this.getRandomSaltRounds(10, 20));
+    const hashedPassword = await bcrypt.hash(registerDto.password, randomInt(8, 12));
 
     try {
       const createdUser = await this.usersService.create({
@@ -78,7 +75,7 @@ export class AuthService {
   async resetPassword(resetPasswordDto: ResetPasswordDto) {
     const user = await this.usersService.findByResetToken(resetPasswordDto.resetToken);
 
-    const hashedPassword = await bcrypt.hash(resetPasswordDto.password, this.getRandomSaltRounds(10, 20));
+    const hashedPassword = await bcrypt.hash(resetPasswordDto.password, randomInt(8, 12));
 
     await this.usersService.update(user.id, {
       password: hashedPassword,
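Review bot: `randomInt(8, 12)` on the new `register` line yields 8–11, because Node's `randomInt` treats `max` as exclusive, so this change lowers the bcrypt cost floor from 10 to 8 and never reaches 12; the same applies to the `resetPassword` hunk. Randomising the cost factor buys no security margin — bcrypt already embeds a per-hash random salt and records the cost in its output, so anyone holding the hash reads the work factor directly — while it makes hashing latency vary from request to request. A fixed, configurable work factor at or above the previous floor is the conventional choice, e.g. `const BCRYPT_ROUNDS = 12;` at module level and `await bcrypt.hash(registerDto.password, BCRYPT_ROUNDS)` at both call sites, which also lets the `crypto` import go. Both enclosing methods continue outside their hunks.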