Initial commit - realms platform

backend/src/services/DatabaseService.cpp

@@ -1,9 +1,9 @@
 #include "DatabaseService.h"
 #include "../services/RedisHelper.h"
 #include <drogon/orm/DbClient.h>
-#include <random>
 #include <sstream>
 #include <iomanip>
+#include <openssl/rand.h>
 
 using namespace drogon;
 using namespace drogon::orm;
@@ -12,22 +12,25 @@ namespace {
     void storeKeyInRedis(const std::string& streamKey) {
         // Store the stream key in Redis for validation (24 hour TTL)
         bool stored = RedisHelper::storeKey("stream_key:" + streamKey, "1", 86400);
-        
+
         if (stored) {
             LOG_INFO << "Stored stream key in Redis: " << streamKey;
         } else {
             LOG_ERROR << "Failed to store key in Redis: " << streamKey;
         }
     }
-    
+
+    // SECURITY FIX: Use cryptographically secure random bytes instead of mt19937
     std::string generateStreamKey() {
-        std::random_device rd;
-        std::mt19937 gen(rd());
-        std::uniform_int_distribution<> dis(0, 255);
-        
+        unsigned char bytes[32];  // 32 bytes = 64 hex characters
+        if (RAND_bytes(bytes, sizeof(bytes)) != 1) {
+            LOG_ERROR << "Failed to generate cryptographically secure random bytes";
+            throw std::runtime_error("Failed to generate secure stream key");
+        }
+
         std::stringstream ss;
-        for (int i = 0; i < 16; ++i) {
-            ss << std::hex << std::setw(2) << std::setfill('0') << dis(gen);
+        for (size_t i = 0; i < sizeof(bytes); ++i) {
+            ss << std::hex << std::setw(2) << std::setfill('0') << static_cast<int>(bytes[i]);
         }
         return ss.str();
     }