Replace math rand with crypto rand

lib/service/user.go

@@ -3,7 +3,6 @@ package service
 import (
 	"context"
 	"database/sql"
-	"math/rand"
 
 	"github.com/getAlby/lndhub.go/common"
 	"github.com/getAlby/lndhub.go/db/models"
@@ -18,11 +17,19 @@ func (svc *LndhubService) CreateUser(ctx context.Context, login string, password
 	// generate user login/password if not provided
 	user.Login = login
 	if login == "" {
-		user.Login = randStringBytes(20)
+		randLoginBytes, err := randBytesFromStr(20, alphaNumBytes)
+		if err != nil {
+			return nil, err
+		}
+		user.Login = string(randLoginBytes)
 	}
 
 	if password == "" {
-		password = randStringBytes(20)
+		randPasswordBytes, err := randBytesFromStr(20, alphaNumBytes)
+		if err != nil {
+			return nil, err
+		}
+		password = string(randPasswordBytes)
 	}
 
 	// we only store the hashed password but return the initial plain text password in the HTTP response
@@ -112,11 +119,3 @@ func (svc *LndhubService) InvoicesFor(ctx context.Context, userId int64, invoice
 	}
 	return invoices, nil
 }
-
-func randStringBytes(n int) string {
-	b := make([]byte, n)
-	for i := range b {
-		b[i] = alphaNumBytes[rand.Intn(len(alphaNumBytes))]
-	}
-	return string(b)
-}