Morax/tarot-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement secure random generation for session IDs and card shuffling

Browse Source
This commit is contained in:
Morax
2025-07-31 10:35:45 +08:00
parent 1ab822e58d
commit 6fe7e380cb
3 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/tarot/card-search.ts
View File

@@ -1,4 +1,5 @@
import { TarotCard } from './types.js';
import { getSecureRandom } from './utils.js';
export interface SearchOptions {
keyword?: string;
@@ -103,7 +104,8 @@ export class TarotCardSearch {
filteredCards = searchResults.map(result => result.card);
}
const shuffled = [...filteredCards].sort(() => Math.random() - 0.5);
// Use Fisher-Yates shuffle with secure random for true randomness
const shuffled = this.fisherYatesShuffle(filteredCards);
return shuffled.slice(0, Math.min(count, shuffled.length));
}
@@ -250,4 +252,16 @@ export class TarotCardSearch {
.sort((a, b) => b.count - a.count)
.slice(0, limit);
}
/**
* Fisher-Yates shuffle algorithm using cryptographically secure random
*/
private fisherYatesShuffle<T>(array: readonly T[]): T[] {
const shuffled = [...array];
for (let i = shuffled.length - 1; i > 0; i--) {
const j = Math.floor(getSecureRandom() * (i + 1));
[shuffled[i], shuffled[j]] = [shuffled[j], shuffled[i]];
}
return shuffled;
}
}