From 11fcf8e1e0f3b6cfcd7fcf061731276804e571ab Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Wed, 29 Apr 2020 20:55:45 +0300
Subject: [PATCH 1/2] fix random

---
 pages/make-contribution.vue | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/pages/make-contribution.vue b/pages/make-contribution.vue
index 78f89c8..12911cd 100644
--- a/pages/make-contribution.vue
+++ b/pages/make-contribution.vue
@@ -186,14 +186,12 @@ export default {
         await timeout(100) // allow UI to update before freezing in wasm
         console.log('Source params', data)
 
-        let msgBuffer = new TextEncoder('utf-8').encode(userInput)
-        let hashBuffer = await window.crypto.subtle.digest('SHA-256', msgBuffer)
+        const msgBuffer = new TextEncoder('utf-8').encode(userInput)
+        const hashBuffer = await window.crypto.subtle.digest('SHA-256', msgBuffer)
         const entropyFromUser = new Uint8Array(hashBuffer)
         // console.log('entropyFromUser', entropyFromUser.toString())
 
-        msgBuffer = window.crypto.getRandomValues(new Uint8Array(1024))
-        hashBuffer = await window.crypto.subtle.digest('SHA-256', msgBuffer)
-        const entropyFromBrowser = new Uint8Array(hashBuffer)
+        const entropyFromBrowser = window.crypto.getRandomValues(new Uint8Array(32))
         // console.log('entropyFromBrowser', entropyFromBrowser.toString())
 
         // suffle the browser and user random

From 7766c70137447ecbba0624bb05b00a6b92d86417 Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Wed, 29 Apr 2020 21:08:48 +0300
Subject: [PATCH 2/2] fix

---
 server/controllers/contribute.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/controllers/contribute.js b/server/controllers/contribute.js
index e6bede6..ff4e515 100644
--- a/server/controllers/contribute.js
+++ b/server/controllers/contribute.js
@@ -84,8 +84,6 @@ router.post('/response', upload.single('response'), async (req, res) => {
         token = crypto.randomBytes(32).toString('hex')
       }
 
-      await Contribution.create({ name, company, handle, socialType, token })
-
       console.log('Contribution is correct, uploading to storage')
       if (process.env.DISABLE_S3 !== 'true') {
         await uploadToS3({ filename: req.file.filename, contributionIndex })
@@ -98,6 +96,8 @@ router.post('/response', upload.single('response'), async (req, res) => {
         `./server/snark_files/response_${contributionIndex}`
       )
 
+      await Contribution.create({ name, company, handle, socialType, token })
+
       console.log('Contribution finished.')
       res.json({ contributionIndex, token })
     } catch (e) {