From 47debbcb06f80905b8ee12bff3da69b4cb9fb9e9 Mon Sep 17 00:00:00 2001
From: ekzyis <ek@stacker.news>
Date: Fri, 3 Jan 2025 16:42:28 +0100
Subject: [PATCH] Fix insecure default id for invites (#1789)

* Fix insecure default id for invites

* Use 16 bytes
---
 .../20250103150109_fix_invite_cuid_insecure/migration.sql       | 2 ++
 prisma/schema.prisma                                            | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 prisma/migrations/20250103150109_fix_invite_cuid_insecure/migration.sql

diff --git a/prisma/migrations/20250103150109_fix_invite_cuid_insecure/migration.sql b/prisma/migrations/20250103150109_fix_invite_cuid_insecure/migration.sql
new file mode 100644
index 00000000..400c0c26
--- /dev/null
+++ b/prisma/migrations/20250103150109_fix_invite_cuid_insecure/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Invite" ALTER COLUMN "id" SET DEFAULT encode(gen_random_bytes(16), 'hex'::text);
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index dc38f489..ea6490f2 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -467,7 +467,7 @@ model LnWith {
 }
 
 model Invite {
-  id          String   @id @default(cuid())
+  id          String   @id @default(dbgenerated("encode(gen_random_bytes(16), 'hex'::text)"))
   createdAt   DateTime @default(now()) @map("created_at")
   updatedAt   DateTime @default(now()) @updatedAt @map("updated_at")
   userId      Int