Use crypto random bytes instead of a UUID for auth tokens

Both should be equally secure, but UUID formatting is needlessly long
and weird, it's an unnecessary dependency, and inefficient (it's 128
bits in theory, but 4 bites are constant so really just 122, and then
we're including dashes for formatting as well, and hex is not efficient
either).

Moving to crypto+base64url lets us boost the key size (122 to 160 bit)
and simultaneously shorten the token length. This also makes it clearer
that we're using cryptographically secure random values (really it
should been the same underlying source, but here we avoid hiding that
away & trusting the uuid dep).

Author: pimterry

package-lock.json

@@ -129,7 +129,6 @@
     "os-proxy-config": "^1.1.1",
     "rimraf": "^2.7.1",
     "semver": "^7.2.1",
-    "uuid": "^3.3.3",
     "yargs": "^15.1.0"
   },
   "devDependencies": {
@@ -141,7 +140,6 @@
     "@types/semver": "^7.3.4",
     "@types/targz": "^1.0.0",
     "@types/universal-analytics": "^0.4.3",
-    "@types/uuid": "^3.4.6",
     "@types/yargs": "^15.0.3",
     "babel-plugin-transform-async-to-generator": "^6.24.1",
     "babel-preset-env": "^1.7.0",

package.json

@@ -8,11 +8,11 @@ import * as os from 'os';
 import { promises as fs, createWriteStream, WriteStream } from 'fs'
 import * as net from 'net';
 import * as path from 'path';
+import * as crypto from 'crypto';
 import { promisify } from 'util';
 import * as querystring from 'querystring';
 import { URL } from 'url';
 import { app, BrowserWindow, shell, Menu, dialog, session, ipcMain } from 'electron';
-import * as uuid from 'uuid/v4';
 import * as yargs from 'yargs';
 import * as semver from 'semver';
 import * as rimraf from 'rimraf';
@@ -34,7 +34,7 @@ const packageJson = require('../package.json');
 const isWindows = os.platform() === 'win32';
 
 const APP_URL = process.env.APP_URL || 'https://app.httptoolkit.tech';
-const AUTH_TOKEN = uuid();
+const AUTH_TOKEN = crypto.randomBytes(20).toString('base64url');
 const DESKTOP_VERSION = packageJson.version;
 const BUNDLED_SERVER_VERSION = packageJson.config['httptoolkit-server-version'];
 if (!semver.parse(BUNDLED_SERVER_VERSION)) {