Switch password hashing algorithm to argon2

This commit is contained in:
Hakan Shehu
2025-01-10 15:31:38 +01:00
parent 4f344f3388
commit 1bc3bcb3b2
4 changed files with 321 additions and 261 deletions


@@ -19,7 +19,6 @@
},
"description": "",
"devDependencies": {
"@types/bcrypt": "^5.0.2",
"@types/cors": "^2.8.17",
"@types/express": "^5.0.0",
"@types/multer": "^1.4.12",
@@ -38,8 +37,8 @@
"@colanode/crdt": "*",
"@langchain/core": "^0.3.26",
"@langchain/openai": "^0.3.16",
"@node-rs/argon2": "^2.0.2",
"axios": "^1.7.8",
"bcrypt": "^5.1.1",
"bullmq": "^5.30.1",
"cors": "^2.8.5",
"diff": "^7.0.0",


@@ -1,7 +1,6 @@
import { Request, Response } from 'express';
import { AccountStatus, EmailLoginInput, ApiErrorCode } from '@colanode/core';
import bcrypt from 'bcrypt';
import { sha256 } from 'js-sha256';
import argon2 from '@node-rs/argon2';
import { database } from '@/data/database';
import { accountService } from '@/services/account-service';
@@ -60,11 +59,7 @@ export const emailLoginHandler = async (
});
}
const preHashedPassword = sha256(input.password);
const passwordMatch = await bcrypt.compare(
preHashedPassword,
account.password
);
const passwordMatch = await argon2.verify(account.password, input.password);
if (!passwordMatch) {
return ResponseBuilder.badRequest(res, {
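Review bot: Accounts created before this commit still store a bcrypt hash of `sha256(password)`, so the replacement line `const passwordMatch = await argon2.verify(account.password, input.password);` cannot match them, and when the stored value is not an argon2 PHC string the call is likely to reject rather than return false, surfacing as an unhandled error instead of the bad-request response below; nothing visible in this diff migrates or re-hashes those rows (a migration may be among the four changed files, but it is not shown here). A common transition is to branch on the stored hash's format: for a legacy `$2…` bcrypt value, verify through the old sha256-then-bcrypt path and, on success, re-hash with argon2 and update the row, so each user migrates on their next login. At minimum, wrap the verify call so a malformed or foreign-format stored hash is logged and answered with the same response as a mismatch rather than bubbling up as a 500. emailLoginHandler's body starts and ends outside the hunk.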


@@ -6,8 +6,7 @@ import {
IdType,
ApiErrorCode,
} from '@colanode/core';
import bcrypt from 'bcrypt';
import { sha256 } from 'js-sha256';
import argon2 from '@node-rs/argon2';
import { database } from '@/data/database';
import { SelectAccount } from '@/data/schema';
@@ -16,8 +15,6 @@ import { ResponseBuilder } from '@/lib/response-builder';
import { rateLimitService } from '@/services/rate-limit-service';
import { configuration } from '@/lib/configuration';
const SaltRounds = 15;
export const emailRegisterHandler = async (
req: Request,
res: Response
@@ -49,9 +46,11 @@ export const emailRegisterHandler = async (
.where('email', '=', email)
.executeTakeFirst();
const salt = await bcrypt.genSalt(SaltRounds);
const preHashedPassword = sha256(input.password);
const password = await bcrypt.hash(preHashedPassword, salt);
const password = await argon2.hash(input.password, {
memoryCost: 19456,
timeCost: 2,
parallelism: 1,
});
let account: SelectAccount | null | undefined = null;
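Review bot: The argon2 cost parameters on the added lines (`memoryCost: 19456`, `timeCost: 2`, `parallelism: 1`) are bare literals with no comment, and the variant is left to the library default. Hoist them into a named module-level constant where the removed `SaltRounds` used to be, with a comment such as `// OWASP baseline for argon2id: 19 MiB memory, 2 iterations, 1 lane; verify() reads these back from the PHC string, so only hash() needs them`, and pin the variant explicitly with `algorithm: Algorithm.Argon2id` (importing `Algorithm` from `@node-rs/argon2`) so a future default change cannot silently downgrade new hashes. A one-line comment where the `sha256` pre-hash was removed would also help the next reader: it existed for bcrypt's 72-byte input limit, which argon2 does not have, so dropping it is intentional rather than an oversight. emailRegisterHandler continues outside the hunk.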