feat: 优化使用安全随机数生成器

2026-02-04 06:47:20 +08:00 · 2025-08-08 18:42:30 +08:00
parent 32a68b9a0b
commit 1917f8e8d4
1 changed files with 21 additions and 3 deletions
--- a/web/src/utils/common/common.ts
+++ b/web/src/utils/common/common.ts
@@ -30,10 +30,28 @@ export function toTimestamp(time: any) {
 /** 生成随机字符串 */
 export function generateRandomString(length: number) {
  const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+  const charactersLength = characters.length
  let result = ''
-  for (let i = 0; i < length; i++) {
-    const randomIndex = Math.floor(Math.random() * characters.length)
-    result += characters[randomIndex]
+  if (!window.crypto || !window.crypto.getRandomValues) {
+    // fallback to insecure Math.random if crypto is not available
+    for (let i = 0; i < length; i++) {
+      const randomIndex = Math.floor(Math.random() * charactersLength)
+      result += characters[randomIndex]
+    }
+    return result
+  }
+  // Use Uint8Array for random bytes
+  while (result.length < length) {
+    const randomBytes = new Uint8Array(length - result.length)
+    window.crypto.getRandomValues(randomBytes)
+    for (let i = 0; i < randomBytes.length && result.length < length; i++) {
+      // Only use values that map evenly to the character set to avoid bias
+      const maxValue = Math.floor(256 / charactersLength) * charactersLength
+      if (randomBytes[i] < maxValue) {
+        const randomIndex = randomBytes[i] % charactersLength
+        result += characters[randomIndex]
+      }
+    }
  }
  return result
 }