From 082a85180f761416ccaa98a99d494b7c64258c54 Mon Sep 17 00:00:00 2001
From: Hakan Shehu
Date: Sun, 10 Nov 2024 01:50:00 +0100
Subject: [PATCH] Hash password with sha256 before bycrypt
---
 apps/server/src/routes/accounts.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/apps/server/src/routes/accounts.ts b/apps/server/src/routes/accounts.ts
index 28726b8b..ce450e72 100644
--- a/apps/server/src/routes/accounts.ts
+++ b/apps/server/src/routes/accounts.ts
@@ -27,6 +27,7 @@ import { NodeUpdatedEvent } from '@/types/events';
 import { enqueueEvent } from '@/queues/events';
 import { SelectAccount } from '@/data/schema';
 import { createDefaultWorkspace } from '@/lib/workspaces';
+import { sha256 } from 'js-sha256';
 const GoogleUserInfoUrl = 'https://www.googleapis.com/oauth2/v1/userinfo';
 const SaltRounds = 10;
@@ -44,7 +45,8 @@ accountsRouter.post('/register/email', async (req: Request, res: Response) => {
 .executeTakeFirst();
 const salt = await bcrypt.genSalt(SaltRounds);
- const password = await bcrypt.hash(input.password, salt);
+ const preHashedPassword = sha256(input.password);
+ const password = await bcrypt.hash(preHashedPassword, salt);
 let account: SelectAccount | null | undefined = null;
 if (existingAccount) {
@@ -123,7 +125,12 @@ accountsRouter.post('/login/email', async (req: Request, res: Response) => {
 });
 }
- const passwordMatch = await bcrypt.compare(input.password, account.password);
+ const preHashedPassword = sha256(input.password);
+ const passwordMatch = await bcrypt.compare( preHashedPassword, account.password );
+
 if (!passwordMatch) {
 return res.status(400).json({
 code: ApiError.EmailOrPasswordIncorrect,
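Review bot: The new `import { sha256 } from 'js-sha256';` adds a third-party package to the credential path for a primitive the Node runtime already ships; `createHash('sha256').update(input.password).digest('hex')` from `node:crypto` should yield the same lowercase hex digest with no new dependency to audit or keep patched. If the package is kept anyway, confirm it is pinned in the lockfile and that the lockfile change is part of this commit, since the diffstat shows only accounts.ts. The rest of the import block lies outside the hunk.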
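Review bot: Nothing in this change handles accounts created before it: their stored bcrypt hash was computed over the raw password, while the login hunk below now compares against `sha256(input.password)`, so every pre-existing user will be rejected with EmailOrPasswordIncorrect after deploy. Either rehash existing rows as part of this change or add a fallback in the login path (on a failed pre-hashed compare, compare the raw password, and on success re-store a pre-hashed bcrypt hash), ideally with a per-row scheme marker so the fallback can be retired later. The hex output of `sha256` is the right shape to feed bcrypt (64 ASCII characters, no NUL bytes, under bcrypt's 72-byte limit); a comment on the new line, `// sha256 hex pre-hash: keeps bcrypt's 72-byte input limit from silently truncating long passwords`, would record why the pre-hash exists. The register handler starts and continues outside the hunk.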
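Review bot: The `sha256(input.password)` pre-hash is now duplicated verbatim in the register and login handlers, so a later edit to one side (different encoding, an added pepper, a different digest) silently breaks every login without a compile error. Hoist it into one module-level helper, `const preHashPassword = (password: string): string => sha256(password);`, and call it from both `bcrypt.hash` and `bcrypt.compare` so the two paths cannot drift. A one-line TSDoc on that helper naming the reason for the pre-hash would also make the register and login comments unnecessary. The login handler begins and ends outside the hunk.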