fix: update random number generation for jitter and token cleanup logic

zerox80 · zerox80 · commit f9e799f1d6ac · 2026-04-07T11:27:10.000+02:00
diff --git a/backend/src/handlers/auth.rs b/backend/src/handlers/auth.rs
@@ -346,8 +346,8 @@ pub async fn login(
     };
 
     let jitter = {
-        use rand::Rng;
-        rand::thread_rng().gen_range(100..300)
+        let mut rng = rand::rng();
+        rng.random_range(100..300)
     };
     tokio::time::sleep(Duration::from_millis(jitter)).await;
 
@@ -417,7 +417,12 @@ pub async fn login(
 
     // Bug Fix 3: Probabilistic cleanup of expired tokens (1% chance)
     // This prevents the token_blacklist table from growing effectively unbounded.
-    if rand::thread_rng().gen_bool(0.01) {
+    let should_cleanup_blacklist = {
+        let mut rng = rand::rng();
+        rng.random_bool(0.01)
+    };
+
+    if should_cleanup_blacklist {
         let pool_clone = pool.clone();
         tokio::spawn(async move {
             if let Err(e) = repositories::token_blacklist::cleanup_expired(&pool_clone).await {
diff --git a/backend/src/routes/api.rs b/backend/src/routes/api.rs
@@ -20,7 +20,7 @@ use tower_http::services::ServeDir;
 /// - **Static Assets**: Serves the `uploads` directory safely via `tower-http`.
 pub fn routes(
     upload_dir: String,
-    admin_rate_limit_config: Arc<GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware>>,
+    _admin_rate_limit_config: Arc<GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware>>,
     public_rate_limit_config: Arc<GovernorConfig<SmartIpKeyExtractor, NoOpMiddleware>>,
 ) -> Router<DbPool> {
     Router::new()
