From 0a3dd0a9bc0b6143db866dcaffb5c4c8c491369b Mon Sep 17 00:00:00 2001
From: Mathias Buus
Date: Fri, 5 Jan 2018 08:40:28 +0100
Subject: [PATCH 1/2] Make the default secrets secure
---
 index.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/index.js b/index.js
index 9d6b394..1ee1090 100644
--- a/index.js
+++ b/index.js
@@ -4,6 +4,7 @@ const async = require('async');
 const cookieSign = require('cookie-signature');
 const deepcopy = require('deepcopy');
 const rrs = require('request-retry-stream');
+const crypto = require('crypto')
 const getCookie = routilCookie.getCookie;
 const setCookie = routilCookie.setCookie;
@@ -21,8 +22,8 @@ var toFunction = function (str) {
 };
 };
-var defaultRandomSecret = Math.random().toString();
-var ghSecretState = Math.random().toString();
+var defaultRandomSecret = crypto.randomBytes(32).toString('hex');
+var ghSecretState = crypto.randomBytes(32).toString('hex');
 module.exports = function (clientId, clientSecret, config) {
 // We don't want to accidentally mutate the object we were passed.
From 2f420053e8f45842fa12d0c901b0dc7c8c2eec7c Mon Sep 17 00:00:00 2001
From: Mathias Buus
Date: Fri, 5 Jan 2018 08:58:38 +0100
Subject: [PATCH 2/2] style
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 1ee1090..a9063ff 100644
--- a/index.js
+++ b/index.js
@@ -4,7 +4,7 @@ const async = require('async');
 const cookieSign = require('cookie-signature');
 const deepcopy = require('deepcopy');
 const rrs = require('request-retry-stream');
-const crypto = require('crypto')
+const crypto = require('crypto');
 const getCookie = routilCookie.getCookie;
 const setCookie = routilCookie.setCookie;
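Review bot: The two secrets in the second hunk of PATCH 1/2 (`defaultRandomSecret` and `ghSecretState` in index.js) are now unpredictable, but they are still generated once per process at module load and nothing in the hunk documents that. If, as the names suggest, they are fallbacks for signing cookies and OAuth state when no secret is configured, values issued by one process will not verify after a restart or on another instance behind a load balancer; their use sites are outside the hunk, so this needs confirming. I would add a comment above them such as `// Per-process fallbacks: regenerated on every start, so set an explicit secret in config for multi-instance or restart-safe deployments.` Both could also be declared with `const`, matching the `require` lines in the first hunk, since nothing visible here reassigns them.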