fix: use standard UUID v4 for keys instead of custom 256-bit hex format

2026-03-17 06:26:52 +04:00 · 2026-03-17 06:26:52 +04:00 · b80f4673b2
parent bbd5df8c46
commit b80f4673b2
2 changed files with 3 additions and 5 deletions
--- a/apps/web/src/dashboard/index.html
+++ b/apps/web/src/dashboard/index.html
@ -21,9 +21,9 @@
        <form id="login-form" action="/account/login" method="POST">
          <input type="hidden" name="_form" value="1">
          <label class="block text-xs text-gray-500 uppercase tracking-wider mb-2">Account Key</label>
-          <input id="key-input" name="key" type="text" placeholder="XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX" autocomplete="off" spellcheck="false"
+          <input id="key-input" name="key" type="text" placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" autocomplete="off" spellcheck="false"
            class="w-full bg-gray-800 border border-gray-700 rounded-lg px-4 py-3 text-gray-100 placeholder-gray-600 focus:outline-none focus:border-blue-500 text-sm font-mono tracking-wider"
-            maxlength="71">
+            maxlength="36">
          <button type="submit"
            class="w-full mt-3 bg-blue-600 hover:bg-blue-500 text-white font-medium py-3 rounded-lg transition-colors">
            Sign In
--- a/apps/web/src/routes/auth.ts
+++ b/apps/web/src/routes/auth.ts
@ -3,9 +3,7 @@ import { randomBytes, createHash } from "crypto";
 import sql from "../db";

 function generateKey(): string {
-  const hex = randomBytes(32).toString("hex"); // 64 hex chars
-  // Format as 8 groups of 8: XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX
-  return (hex.match(/.{8}/g) as string[]).join("-").toUpperCase();
+  return crypto.randomUUID(); // standard UUID v4, 128-bit, familiar format
 }

 function normalizeKey(raw: string): string {