From c307ffd52d5d546b89dcaa63cef3f5df886d0b68 Mon Sep 17 00:00:00 2001
From: Tim
Date: Sun, 27 Apr 2025 13:52:19 +0200
Subject: Make pkce utils more secure
---
 VPNAuth.Server/PkceUtils.cs | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/VPNAuth.Server/PkceUtils.cs b/VPNAuth.Server/PkceUtils.cs
index a11926e..2299685 100644
--- a/VPNAuth.Server/PkceUtils.cs
+++ b/VPNAuth.Server/PkceUtils.cs
@@ -1,17 +1,24 @@
-namespace VPNAuth.Server;
+using System.Security.Cryptography;
+
+namespace VPNAuth.Server;
 public static class PkceUtils
 {
 private static string _codeChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789";
+ private static string _tokenChars = _codeChars + ".!$";
- public static string GenerateCode(int length = 10)
+ private static string GenerateRandomString(string availableChars, int length)
 {
- string code = "";
+ string randomString = "";
 for (int i = 0; i < length; i++)
- code += _codeChars[new Random().Next(_codeChars.Length)]; // TODO: Is that function random enough?
- return code;
+ randomString +=
+ availableChars[RandomNumberGenerator.GetInt32(availableChars.Length)];
+ return randomString;
 }
+ public static string GenerateCode(int length = 10)
+ => GenerateRandomString(_codeChars, length);
+
 public static string GenerateToken(int length = 20)
- => GenerateCode(length); // TODO: maybe add more possible chars then for GenerateCode
+ => GenerateRandomString(_tokenChars, length);
 }
--
cgit v1.2.3
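Review bot: The default lengths kept on `GenerateCode(int length = 10)` and `GenerateToken(int length = 20)` now cap the strength of the output. `_codeChars` has 61 characters (there is no `0`), so a 10-character code carries about 59 bits, and a 20-character token over the 64-character `_tokenChars` about 120 bits; both fall short of the 2^-128 guessing bound that RFC 6749 §10.10 requires for generated credentials. Raising both defaults, e.g. `int length = 32`, would close that gap now that the generator uses `RandomNumberGenerator.GetInt32`. The added `.!$` also deserve a check: if these tokens are ever sent as `Authorization: Bearer` values (not visible in this hunk), `!` and `$` are outside the b64token syntax of RFC 6750, so `-_` would be a safer extension of the alphabet. Separately, nothing here reassigns the two alphabet fields, so they could be declared `private static readonly string`.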