From 24fa12861d247198b7285023470952e177ecdf6f Mon Sep 17 00:00:00 2001
From: Dinesh Talwadker
Date: Thu, 19 Dec 2024 02:11:29 +0530
Subject: [PATCH] Fix code scanning alert no. 1: Insecure randomness

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 app/api/sign-up/route.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/api/sign-up/route.ts b/app/api/sign-up/route.ts
index 1f4e597..5b99aa0 100644
--- a/app/api/sign-up/route.ts
+++ b/app/api/sign-up/route.ts
@@ -2,6 +2,7 @@ import { sendVerificationEmail } from "../../../components/emails/sendVerificati
 import dbConnect from "../../../lib/dbConnect";
 import UserModel from "../../../model/User";
 import bcrypt from "bcryptjs";
+import crypto from "crypto";
 export async function POST(request) {
 await dbConnect();
@@ -23,7 +24,7 @@ export async function POST(request) {
 const existingUserByEmail = await UserModel.findOne({ email });
- let verifyCode = Math.floor(100000 + Math.random() * 900000).toString();
+ let verifyCode = crypto.randomInt(100000, 1000000).toString();
 if (existingUserByEmail) {
 if (existingUserByEmail.twoFactorActivated) {
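Review bot: The new `crypto.randomInt(100000, 1000000)` line in the second hunk makes the code unpredictable, but it is still one of only 900,000 values. It therefore resists guessing only if the route that checks it expires the code and caps failed attempts per account. Neither control is visible in this patch, and POST's body continues outside the hunk, so they may exist elsewhere. I would record the dependency on the line itself, e.g. `// CSPRNG 6-digit code (upper bound exclusive: 100000-999999); relies on expiry and attempt limiting in the verify route`. If nothing later in POST reassigns `verifyCode`, `let` can also become `const`.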