From de643c17d0860068cb544c8f5273b1481d59a696 Mon Sep 17 00:00:00 2001
From: soufiane <soufiane.baali99@gmail.com>
Date: Thu, 27 Nov 2025 13:01:51 +0100
Subject: [PATCH] fix: remove Math.random() completely from generateId
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use globalThis.crypto for SSR and timestamp-based fallback without
any pseudorandom number generator.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 utils/helpers.ts | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/utils/helpers.ts b/utils/helpers.ts
index 65b342d..47a9f99 100644
--- a/utils/helpers.ts
+++ b/utils/helpers.ts
@@ -162,13 +162,21 @@ export const deepClone = <T>(obj: T): T => {
 
 // Generate Random ID (cryptographically secure)
 export const generateId = (): string => {
+  const timestamp = Date.now().toString(36);
   if (typeof window !== 'undefined' && window.crypto) {
     const array = new Uint32Array(2);
     window.crypto.getRandomValues(array);
-    return array[0].toString(36) + array[1].toString(36) + Date.now().toString(36);
+    return array[0].toString(36) + array[1].toString(36) + timestamp;
   }
-  // Fallback for SSR (non-sensitive context)
-  return Date.now().toString(36) + Math.random().toString(36).substring(2);
+  // SSR fallback using Node.js crypto
+  if (typeof globalThis !== 'undefined' && globalThis.crypto) {
+    const array = new Uint32Array(2);
+    globalThis.crypto.getRandomValues(array);
+    return array[0].toString(36) + array[1].toString(36) + timestamp;
+  }
+  // Last resort: timestamp-based only (no Math.random)
+  const counter = (Date.now() % 1000000).toString(36);
+  return timestamp + counter + process.hrtime?.()[1]?.toString(36) || timestamp + counter;
 };
 
 // Debounce Function