From 83af8ec5b435db6cc64bf8cad87ce5f1b0b7d25d Mon Sep 17 00:00:00 2001
From: NotAShelf <raf@notashelf.dev>
Date: Tue, 10 Feb 2026 12:32:06 +0300
Subject: [PATCH] pinakes-server: fix session token generation to use manual
 charset

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I80848fad9272ea7c199b17124ce767ce6a6a6964
---
 crates/pinakes-server/src/routes/auth.rs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/crates/pinakes-server/src/routes/auth.rs b/crates/pinakes-server/src/routes/auth.rs
index b64bab0..1ca67a4 100644
--- a/crates/pinakes-server/src/routes/auth.rs
+++ b/crates/pinakes-server/src/routes/auth.rs
@@ -73,11 +73,14 @@ pub async fn login(
     let user = user.expect("user should exist at this point");
 
     // Generate session token
-    use rand::Rng;
-    let token: String = rand::rng()
-        .sample_iter(&rand::distr::Alphanumeric)
-        .take(48)
-        .map(char::from)
+    let token: String = (0..48)
+        .map(|_| {
+            const CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+                                      abcdefghijklmnopqrstuvwxyz\
+                                      0123456789";
+            let idx = (rand::random::<u32>() as usize) % CHARSET.len();
+            CHARSET[idx] as char
+        })
         .collect();
 
     let role = user.role;