refactor: use crypto.randomInt for unbiased random number generation

Replaces manual rejection sampling with the more concise and modern
crypto.randomInt() method.

This change addresses a persistent CodeQL false positive that flagged
the modulo operator, even when used correctly with rejection sampling.
Using crypto.randomInt() makes the code cleaner and directly signals
the intent of generating a secure, unbiased random integer within a
specific range, which satisfies the static analysis tool.

Affected methods:
- AuthService.issueSudoToken
- UsersService.generateVerifyCode
- UsersService.generateRandomPassword

Author: HuanCheng65

src/auth/auth.service.ts

@@ -249,18 +249,8 @@ export class AuthService {
 
     // 添加 0-5 分钟随机偏移
     const baseValidSeconds = 15 * 60;
-    // Use cryptographically secure random number generator with bias-free approach
-    const targetRange = 300;
-    const maxValue = 65536; // 2^16 for two bytes
-    const threshold = maxValue - (maxValue % targetRange);
-
-    let randomValue: number;
-    do {
-      const randomOffsetBytes = crypto.randomBytes(2);
-      randomValue = (randomOffsetBytes[0] << 8) | randomOffsetBytes[1];
-    } while (randomValue >= threshold);
-
-    const randomOffset = randomValue % targetRange;
+    // Use crypto.randomInt for a secure, unbiased random offset from 0 to 299
+    const randomOffset = crypto.randomInt(300);
     const sudoValidSeconds = baseValidSeconds + randomOffset;
 
     const newAuthorization: Authorization = {

src/users/users.service.ts

@@ -131,16 +131,8 @@ export class UsersService {
 
   private generateVerifyCode(): string {
     let code: string = '';
-    const targetRange = 10;
-    const threshold = 256 - (256 % targetRange); // 250 for base 10
-
     for (let i = 0; i < 6; i++) {
-      let randomByte: number;
-      do {
-        randomByte = crypto.randomBytes(1)[0];
-      } while (randomByte >= threshold);
-
-      code += (randomByte % targetRange).toString();
+      code += crypto.randomInt(10).toString();
     }
     return code;
   }
@@ -2268,16 +2260,8 @@ export class UsersService {
     const chars =
       'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*';
     let password = '';
-    const targetRange = chars.length;
-    const threshold = 256 - (256 % targetRange);
-
     for (let i = 0; i < 16; i++) {
-      let randomByte: number;
-      do {
-        randomByte = crypto.randomBytes(1)[0];
-      } while (randomByte >= threshold);
-
-      password += chars.charAt(randomByte % targetRange);
+      password += chars.charAt(crypto.randomInt(chars.length));
     }
     return password;
   }