From 2397d80098a9a5e07cd655212e8ce6aa3512d888 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 10 Nov 2025 10:42:19 -0500 Subject: [PATCH] Replace Math.random() with performance.now() in uuid() for pre-render builds in Next.js v16 Replace Math.random() with performance.now() in uuid() for pre-rendered caching in Next.js v16 Uses `performance.now()` as the primary entropy source, mixed with a counter and simple hashing. This is a replacement to using Math.random(). --- packages/core/auth-js/src/lib/helpers.ts | 27 ++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/packages/core/auth-js/src/lib/helpers.ts b/packages/core/auth-js/src/lib/helpers.ts index 132839ab1..b83ba8468 100644 --- a/packages/core/auth-js/src/lib/helpers.ts +++ b/packages/core/auth-js/src/lib/helpers.ts @@ -9,12 +9,27 @@ export function expiresAt(expiresIn: number) { return timeNow + expiresIn } -export function uuid() { - return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) { - const r = (Math.random() * 16) | 0, - v = c == 'x' ? r : (r & 0x3) | 0x8 - return v.toString(16) - }) +export function uuid(): string { + // Use performance.now() as primary entropy source + let counter = 0; + let state = 0; + + return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) { + // Use performance timer if available + const perf = typeof performance !== 'undefined' ? + Math.floor(performance.now() * 1000000) : counter; + + // Mix with counter using prime multiplication + const entropy = (perf * 16807) ^ (++counter * 2654435761); + + // Simple hash mixing + state = (state * 1103515245 + 12345) ^ entropy; + const r = (state >>> (counter % 28)) & 0xF; + + // Apply UUID v4 rules + const v = c == 'x' ? r : (r & 0x3) | 0x8; + return v.toString(16); + }); } export const isBrowser = () => typeof window !== 'undefined' && typeof document !== 'undefined'