[BREAKING] Auth: replace current auth tokens with more secure ones

previously tokens were only like IDs, time based and incrementing counter.
An attacker could easily bruteforce them.
This patch changes tokens to be completely random.

fixes #2

server/api/login.post.ts

@@ -4,7 +4,7 @@ import { defineEventHandler, getCookie, setCookie, readBody } from "h3";
 import { database } from "../utils/database";
 import { isString } from "../utils/isString";
 import { cookieSettings } from "../utils/rootUtils";
-import Snowflake from "~/utils/snowflake";
+import SessionToken from "../utils/SessionToken";
 
 import { createError } from "#imports";
 
@@ -40,14 +40,11 @@ export default defineEventHandler(async (e) => {
 
   if (account === null) throw createError({ statusCode: 400, message: "Invalid username or password." });
 
-  const sessionId = new Snowflake();
+  const session = new SessionToken(account.id);
 
   await database.session.create({
-    data: {
-      id: sessionId.state,
-      userId: account.id,
-    },
+    data: session.toPrisma(),
   });
-  setCookie(e, "token", sessionId.toString(), cookieSettings);
-  return { message: "Login successful", token: sessionId.toString() };
+  setCookie(e, "token", session.toString(), cookieSettings);
+  return { message: "Login successful", token: session.toString() };
 });