Replace bcrypt with argon2

This commit is contained in:
Aelita4 2024-03-27 22:51:41 +01:00
parent 80d9e9404c
commit 1bc6aa95b8
Signed by: Aelita4
GPG Key ID: E44490C2025906C1
6 changed files with 1758 additions and 1907 deletions

3606
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -10,11 +10,8 @@
"astro": "astro" "astro": "astro"
}, },
"dependencies": { "dependencies": {
"astro": "^3.2.4", "argon2": "^0.40.1",
"bcrypt": "^5.1.1", "astro": "^4.5.10",
"mongodb": "^6.2.0" "mongodb": "^6.2.0"
},
"devDependencies": {
"@types/bcrypt": "^5.0.1"
} }
} }

View File

@ -4,14 +4,31 @@ import type Resources from '../../types/Resources';
import type Building from '../../types/Building'; import type Building from '../../types/Building';
import type AccessToken from '../../types/AccessToken'; import type AccessToken from '../../types/AccessToken';
import { ObjectId } from 'mongodb'; import { ObjectId } from 'mongodb';
import { hash } from 'argon2'
import { createInitialResources } from '../utils/resourceManager';
export const getAllUsers = async () => { export const getAllUsers = async () => {
const users = await Users(); const users = await Users();
return users.find({}).toArray() as Promise<User[]>; return users.find({}).toArray() as Promise<User[]>;
} }
export const createUser = async (user: User) => { export const createUser = async (username: string, email: string, password: string) => {
const newUser = await (await Users()).insertOne(user); const user: User = {
username,
email,
password: await hash(password),
lastLogin: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
//@ts-ignore
resources: {}
}
await (await Users()).insertOne(user);
const newUser = await getUserByNickOrEmail(username);
if(!newUser) return user;
createInitialResources(newUser._id);
return newUser; return newUser;
} }

View File

@ -3,7 +3,7 @@ import type { ObjectId } from "mongodb";
import { Users } from "../../../../lib/db/mongodb"; import { Users } from "../../../../lib/db/mongodb";
import { getUserById, getUserByNickOrEmail } from "../../../../lib/db/users"; import { getUserById, getUserByNickOrEmail } from "../../../../lib/db/users";
import validateAccessToken from "../../../../lib/utils/validateAccessToken"; import validateAccessToken from "../../../../lib/utils/validateAccessToken";
import { hash, compare } from "bcrypt"; import { hash, verify } from 'argon2';
if(Astro.request.method === "PATCH") { if(Astro.request.method === "PATCH") {
const response = await validateAccessToken(Astro.request); const response = await validateAccessToken(Astro.request);
@ -28,7 +28,7 @@ if(Astro.request.method === "PATCH") {
}), { status: 404 } }), { status: 404 }
); );
if(!(await compare(body['password'], user.password))) return new Response( if(!(await verify(user.password, body['password']))) return new Response(
JSON.stringify({ JSON.stringify({
code: 401, code: 401,
message: "Unauthorized" message: "Unauthorized"
@ -88,7 +88,7 @@ if(Astro.request.method === "PATCH") {
}), { status: 400 } }), { status: 400 }
); );
const newPassword = await hash(body['newPassword'], 10); const newPassword = await hash(body['newPassword']);
(await Users()).updateOne({ _id: user._id }, { $set: { password: newPassword } }) (await Users()).updateOne({ _id: user._id }, { $set: { password: newPassword } })
return new Response( return new Response(

View File

@ -4,7 +4,7 @@ import NavBar from '../components/NavBar.astro';
import { getUserByNickOrEmail, updateLastLogin } from '../lib/db/users'; import { getUserByNickOrEmail, updateLastLogin } from '../lib/db/users';
import { compare } from 'bcrypt'; import { verify } from 'argon2';
let error = ""; let error = "";
@ -25,7 +25,7 @@ if(Astro.request.method === "POST") {
const user = await getUserByNickOrEmail(username as string); const user = await getUserByNickOrEmail(username as string);
if(user !== null && await compare(password as string, user.password)) { if(user !== null && await verify(user.password, password as string)) {
const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60; const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;
const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, { const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {

View File

@ -3,9 +3,6 @@ import Layout from '../layouts/Layout.astro';
import NavBar from '../components/NavBar.astro'; import NavBar from '../components/NavBar.astro';
import { createUser } from '../lib/db/users'; import { createUser } from '../lib/db/users';
import type User from '../types/User';
import bcrypt from 'bcrypt';
let error = ""; let error = "";
@ -57,21 +54,7 @@ if(Astro.request.method === "POST") {
} }
if(error === "") { if(error === "") {
const user: User = { const user = await createUser(username, email, password);
username,
email,
password: await bcrypt.hash(password, 10),
lastLogin: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
resources: {
coal: 1,
iron: 2,
gold: 3
}
}
await createUser(user);
const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60; const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;