chore(webui): improve the randomness of session cookies

Closes #24

pkg/database/sessions.go

@@ -2,29 +2,28 @@ package database
 
 import (
 	"database/sql"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"time"
 
 	"git.adyxax.org/adyxax/tfstated/pkg/model"
-	"go.n16f.net/uuid"
+	"git.adyxax.org/adyxax/tfstated/pkg/scrypto"
 )
 
 func (db *DB) CreateSession(account *model.Account) (string, error) {
-	var sessionId uuid.UUID
-	if err := sessionId.Generate(uuid.V4); err != nil {
-		return "", fmt.Errorf("failed to generate session id: %w", err)
-	}
+	sessionBytes := scrypto.RandomBytes(32)
+	sessionId := base64.RawURLEncoding.EncodeToString(sessionBytes[:])
 	if _, err := db.Exec(
 		`INSERT INTO sessions(id, account_id, data)
 		   VALUES (?, ?, ?);`,
-		sessionId.String(),
+		sessionId,
 		account.Id,
 		"",
 	); err != nil {
 		return "", fmt.Errorf("failed insert new session in database: %w", err)
 	}
-	return sessionId.String(), nil
+	return sessionId, nil
 }
 
 func (db *DB) DeleteExpiredSessions() error {

pkg/webui/sessions.go

@@ -21,7 +21,7 @@ func sessionsMiddleware(db *database.DB) func(http.Handler) http.Handler {
 				return
 			}
 			if err == nil {
-				if len(cookie.Value) != 36 {
+				if len(cookie.Value) != 43 {
 					unsetSesssionCookie(w)
 				} else {
 					session, err := db.LoadSessionById(cookie.Value)