scrypting
TheOtterlord committed Dec 1, 2024
1 parent 4b28ae0 commit 401380e
Showing 4 changed files with 20 additions and 14 deletions.
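--- a/packages/studiocms_auth/src/integration.ts
+++ b/packages/studiocms_auth/src/integration.ts
@@ -90,11 +90,6 @@ export default defineIntegration({
 optimizeDeps: {
 exclude: ['astro:db', 'three'],
 },
-build: {
-rollupOptions: {
-// external: ['@node-rs/argon2-linux-x64-gnu']
-}
-},
 plugins: [
 copy({
 copyOnce: true,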
24 changes: 18 additions & 6 deletions packages/studiocms_auth/src/lib/password.ts
@@ -1,17 +1,29 @@
import { scrypt as nodeScrypt } from 'node:crypto';
import { CMS_ENCRYPTION_KEY } from 'astro:env/server';
import { checkIfUnsafe } from '@matthiesenxyz/integration-utils/securityUtils';
import { hashSync, verify } from '@node-rs/argon2';
import { sha1 } from '@oslojs/crypto/sha1';
import { encodeHexLowerCase } from '@oslojs/encoding';

type RemoveLast<T extends unknown[]> = T extends [...infer Rest, infer _Last] ? Rest : never;

function scrypt(...opts: RemoveLast<Parameters<typeof nodeScrypt>>): Promise<Buffer> {
return new Promise((res, rej) => {
nodeScrypt(...opts, (err, derivedKey) => {
if (err) rej(err)
else res(derivedKey)
});
});
}

/**
* Hashes a plain text password using bcrypt.
*
* @param password - The plain text password to hash.
* @returns A promise that resolves to the hashed password.
*/
export function hashPassword(password: string): string {
const hashedPassword = hashSync(password);
return hashedPassword;
export async function hashPassword(password: string): Promise<string> {
const hashedPassword = await scrypt(password, CMS_ENCRYPTION_KEY, 64, {});
return hashedPassword.toString();
}

/**
Expand All @@ -22,8 +34,8 @@ export function hashPassword(password: string): string {
* @returns A promise that resolves to a boolean indicating whether the password matches the hash.
*/
export async function verifyPasswordHash(hash: string, password: string): Promise<boolean> {
const passwordMatch = await verify(password, hash);
return passwordMatch;
const passwordHash = await hashPassword(password);
return passwordHash === hash;
}

/**
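Review bot: `hashPassword` passes `CMS_ENCRYPTION_KEY` as the scrypt salt, so every account shares one salt: equal passwords produce equal stored hashes, and nothing separates one user's hash from another's if the table leaks. The same function returns `hashedPassword.toString()`, which decodes the 64 raw bytes as UTF-8 and replaces invalid sequences, so the stored string loses part of the derived key; and `verifyPasswordHash` compares with `===`, which is not a constant-time comparison. I would generate a random salt per password, store it next to a hex-encoded key, and compare with `timingSafeEqual` (it and `randomBytes` come from `node:crypto`), keeping the env key only as a pepper, as sketched below. The doc comment above `hashPassword` still says bcrypt, and hashes already written by the argon2 code will presumably stop verifying unless they are migrated or users reset their passwords.

```typescript
// … unchanged: imports, RemoveLast, scrypt wrapper …

// Derives the stored form "saltHex:keyHex" for a given salt.
async function deriveHash(password: string, saltHex: string): Promise<string> {
	// Per-password salt; the env key is mixed in as a pepper only.
	const derivedKey = await scrypt(password, saltHex + CMS_ENCRYPTION_KEY, 64, {});
	return `${saltHex}:${derivedKey.toString('hex')}`;
}

export async function hashPassword(password: string): Promise<string> {
	return deriveHash(password, randomBytes(16).toString('hex'));
}

// … unchanged: doc comment for verifyPasswordHash …
export async function verifyPasswordHash(hash: string, password: string): Promise<boolean> {
	const saltHex = hash.split(':')[0];
	if (!saltHex) return false;
	const stored = Buffer.from(hash);
	const candidate = Buffer.from(await deriveHash(password, saltHex));
	// timingSafeEqual throws on unequal lengths, so check the length first.
	return stored.length === candidate.length && timingSafeEqual(stored, candidate);
}
```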
4 changes: 2 additions & 2 deletions packages/studiocms_auth/src/lib/user.ts
Expand Up @@ -75,7 +75,7 @@ export async function createLocalUser(
email: string,
password: string
): Promise<UserTable> {
const passwordHash = hashPassword(password);
const passwordHash = await hashPassword(password);

const avatar = await createUserAvatar(email);

Expand Down Expand Up @@ -139,7 +139,7 @@ export const LinkNewOAuthCookieName = 'link-new-o-auth';
* @returns A promise that resolves when the password has been successfully updated.
*/
export async function updateUserPassword(userId: string, password: string): Promise<void> {
const passwordHash = hashPassword(password);
const passwordHash = await hashPassword(password);

await db.update(tsUsers).set({ password: passwordHash }).where(eq(tsUsers.id, userId));
}
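--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -85,7 +85,6 @@ catalogs:
 '@oslojs/crypto': ^1.0.1
 '@oslojs/encoding': ^1.1.0
 '@oslojs/binary': ^1.0.0
-'@node-rs/argon2': ^2.0.0
 '@types/three': 0.169.0
 '@types/bcryptjs': ^2.4.6
 bcryptjs: ^2.4.3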
