Replace bcrypt with argon2

This commit is contained in:
Aelita4 2024-03-27 22:51:41 +01:00
parent 80d9e9404c
commit 1bc6aa95b8
Signed by: Aelita4
GPG Key ID: E44490C2025906C1
6 changed files with 1758 additions and 1907 deletions

3608
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -10,11 +10,8 @@
"astro": "astro"
},
"dependencies": {
"astro": "^3.2.4",
"bcrypt": "^5.1.1",
"argon2": "^0.40.1",
"astro": "^4.5.10",
"mongodb": "^6.2.0"
},
"devDependencies": {
"@types/bcrypt": "^5.0.1"
}
}

View File

@ -4,14 +4,31 @@ import type Resources from '../../types/Resources';
import type Building from '../../types/Building';
import type AccessToken from '../../types/AccessToken';
import { ObjectId } from 'mongodb';
import { hash } from 'argon2'
import { createInitialResources } from '../utils/resourceManager';
export const getAllUsers = async () => {
const users = await Users();
return users.find({}).toArray() as Promise<User[]>;
}
export const createUser = async (user: User) => {
const newUser = await (await Users()).insertOne(user);
export const createUser = async (username: string, email: string, password: string) => {
const user: User = {
username,
email,
password: await hash(password),
lastLogin: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
//@ts-ignore
resources: {}
}
await (await Users()).insertOne(user);
const newUser = await getUserByNickOrEmail(username);
if(!newUser) return user;
createInitialResources(newUser._id);
return newUser;
}

View File

@ -3,7 +3,7 @@ import type { ObjectId } from "mongodb";
import { Users } from "../../../../lib/db/mongodb";
import { getUserById, getUserByNickOrEmail } from "../../../../lib/db/users";
import validateAccessToken from "../../../../lib/utils/validateAccessToken";
import { hash, compare } from "bcrypt";
import { hash, verify } from 'argon2';
if(Astro.request.method === "PATCH") {
const response = await validateAccessToken(Astro.request);
@ -28,7 +28,7 @@ if(Astro.request.method === "PATCH") {
}), { status: 404 }
);
if(!(await compare(body['password'], user.password))) return new Response(
if(!(await verify(user.password, body['password']))) return new Response(
JSON.stringify({
code: 401,
message: "Unauthorized"
@ -88,7 +88,7 @@ if(Astro.request.method === "PATCH") {
}), { status: 400 }
);
const newPassword = await hash(body['newPassword'], 10);
const newPassword = await hash(body['newPassword']);
(await Users()).updateOne({ _id: user._id }, { $set: { password: newPassword } })
return new Response(

View File

@ -4,7 +4,7 @@ import NavBar from '../components/NavBar.astro';
import { getUserByNickOrEmail, updateLastLogin } from '../lib/db/users';
import { compare } from 'bcrypt';
import { verify } from 'argon2';
let error = "";
@ -25,7 +25,7 @@ if(Astro.request.method === "POST") {
const user = await getUserByNickOrEmail(username as string);
if(user !== null && await compare(password as string, user.password)) {
if(user !== null && await verify(user.password, password as string)) {
const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {

View File

@ -3,9 +3,6 @@ import Layout from '../layouts/Layout.astro';
import NavBar from '../components/NavBar.astro';
import { createUser } from '../lib/db/users';
import type User from '../types/User';
import bcrypt from 'bcrypt';
let error = "";
@ -57,21 +54,7 @@ if(Astro.request.method === "POST") {
}
if(error === "") {
const user: User = {
username,
email,
password: await bcrypt.hash(password, 10),
lastLogin: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
resources: {
coal: 1,
iron: 2,
gold: 3
}
}
await createUser(user);
const user = await createUser(username, email, password);
const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;