use crypto/rand

auth/crypto.go

@@ -1,20 +1,20 @@
 package auth
 
 import (
-	"math/rand"
-	"time"
+	"crypto/rand"
 )
 
-func init() {
-	rand.Seed(time.Now().UnixNano())
-}
-
 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 
 func randStringBytes(n int) string {
-	b := make([]byte, n)
-	for i := range b {
-		b[i] = letterBytes[rand.Intn(len(letterBytes))]
+	buf := make([]byte, n)
+	_, err := rand.Read(buf)
+	if err != nil {
+		panic(err)
 	}
-	return string(b)
+
+	for k, v := range buf {
+		buf[k] = letterBytes[v%byte(len(letterBytes))]
+	}
+	return string(buf)
 }

auth/handler.go

@@ -139,7 +139,7 @@ func (rs *Resource) token(w http.ResponseWriter, r *http.Request) {
 
 	if err := rs.store.SaveRefreshToken(token); err != nil {
 		log(r).Error(err)
-		render.Respond(w, r, ErrInternalServerError)
+		render.Render(w, r, ErrInternalServerError)
 		return
 	}
 
@@ -148,7 +148,7 @@ func (rs *Resource) token(w http.ResponseWriter, r *http.Request) {
 	acc.LastLogin = time.Now()
 	if err := rs.store.UpdateAccount(acc); err != nil {
 		log(r).Error(err)
-		render.Respond(w, r, ErrInternalServerError)
+		render.Render(w, r, ErrInternalServerError)
 		return
 	}
 
@@ -185,14 +185,14 @@ func (rs *Resource) refresh(w http.ResponseWriter, r *http.Request) {
 	access, refresh := rs.Token.GenTokenPair(acc, token)
 	if err := rs.store.SaveRefreshToken(token); err != nil {
 		log(r).Error(err)
-		render.Respond(w, r, ErrInternalServerError)
+		render.Render(w, r, ErrInternalServerError)
 		return
 	}
 
 	acc.LastLogin = time.Now()
 	if err := rs.store.UpdateAccount(acc); err != nil {
 		log(r).Error(err)
-		render.Respond(w, r, ErrInternalServerError)
+		render.Render(w, r, ErrInternalServerError)
 		return
 	}