Replace bcrypt with argon2
		
							parent
							
								
									80d9e9404c
								
							
						
					
					
						commit
						1bc6aa95b8
					
				
										
											
												File diff suppressed because it is too large
											
										
									
								
							| 
						 | 
				
			
			@ -10,11 +10,8 @@
 | 
			
		|||
    "astro": "astro"
 | 
			
		||||
  },
 | 
			
		||||
  "dependencies": {
 | 
			
		||||
    "astro": "^3.2.4",
 | 
			
		||||
    "bcrypt": "^5.1.1",
 | 
			
		||||
    "argon2": "^0.40.1",
 | 
			
		||||
    "astro": "^4.5.10",
 | 
			
		||||
    "mongodb": "^6.2.0"
 | 
			
		||||
  },
 | 
			
		||||
  "devDependencies": {
 | 
			
		||||
    "@types/bcrypt": "^5.0.1"
 | 
			
		||||
  }
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -4,14 +4,31 @@ import type Resources from '../../types/Resources';
 | 
			
		|||
import type Building from '../../types/Building';
 | 
			
		||||
import type AccessToken from '../../types/AccessToken';
 | 
			
		||||
import { ObjectId } from 'mongodb';
 | 
			
		||||
import { hash } from 'argon2'
 | 
			
		||||
import { createInitialResources } from '../utils/resourceManager';
 | 
			
		||||
 | 
			
		||||
export const getAllUsers = async () => {
 | 
			
		||||
    const users = await Users();
 | 
			
		||||
    return users.find({}).toArray() as Promise<User[]>;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
export const createUser = async (user: User) => {
 | 
			
		||||
    const newUser = await (await Users()).insertOne(user);
 | 
			
		||||
export const createUser = async (username: string, email: string, password: string) => {
 | 
			
		||||
    const user: User = {
 | 
			
		||||
        username,
 | 
			
		||||
        email,
 | 
			
		||||
        password: await hash(password),
 | 
			
		||||
        lastLogin: new Date(),
 | 
			
		||||
        createdAt: new Date(),
 | 
			
		||||
        updatedAt: new Date(),
 | 
			
		||||
        //@ts-ignore
 | 
			
		||||
        resources: {}
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    
 | 
			
		||||
    await (await Users()).insertOne(user);
 | 
			
		||||
    const newUser = await getUserByNickOrEmail(username);
 | 
			
		||||
    if(!newUser) return user;
 | 
			
		||||
    createInitialResources(newUser._id);
 | 
			
		||||
    return newUser;
 | 
			
		||||
}
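Review bot: In the new `createUser`, the result of `insertOne` is discarded and the account is re-read with `getUserByNickOrEmail(username)`. When that lookup returns nothing, the function silently returns the local `user` object, which has no `_id` and never had `createInitialResources` run for it. Taking the id from the insert removes the second query and the fallback path: `const { insertedId } = await (await Users()).insertOne(user);` followed by `await createInitialResources(insertedId);`. The call to `createInitialResources` is not awaited; if it returns a promise (its definition is outside this hunk), a failure there becomes an unhandled rejection and the caller gets a user whose resources may not exist yet. The `//@ts-ignore` above `resources: {}` hides the type mismatch, so a short comment saying that resources are filled in after the insert, or a type that allows the empty state, would be safer than suppressing the checker.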
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -3,7 +3,7 @@ import type { ObjectId } from "mongodb";
 | 
			
		|||
import { Users } from "../../../../lib/db/mongodb";
 | 
			
		||||
import { getUserById, getUserByNickOrEmail } from "../../../../lib/db/users";
 | 
			
		||||
import validateAccessToken from "../../../../lib/utils/validateAccessToken";
 | 
			
		||||
import { hash, compare } from "bcrypt";
 | 
			
		||||
import { hash, verify } from 'argon2';
 | 
			
		||||
 | 
			
		||||
if(Astro.request.method === "PATCH") {
 | 
			
		||||
    const response = await validateAccessToken(Astro.request);
 | 
			
		||||
| 
						 | 
				
			
			@ -28,7 +28,7 @@ if(Astro.request.method === "PATCH") {
 | 
			
		|||
        }), { status: 404 }
 | 
			
		||||
    );
 | 
			
		||||
 | 
			
		||||
    if(!(await compare(body['password'], user.password))) return new Response(
 | 
			
		||||
    if(!(await verify(user.password, body['password']))) return new Response(
 | 
			
		||||
        JSON.stringify({
 | 
			
		||||
            code: 401,
 | 
			
		||||
            message: "Unauthorized"
 | 
			
		||||
| 
						 | 
				
			
			@ -88,7 +88,7 @@ if(Astro.request.method === "PATCH") {
 | 
			
		|||
                }), { status: 400 }
 | 
			
		||||
            );
 | 
			
		||||
 | 
			
		||||
            const newPassword = await hash(body['newPassword'], 10);
 | 
			
		||||
            const newPassword = await hash(body['newPassword']);
 | 
			
		||||
 | 
			
		||||
            (await Users()).updateOne({ _id: user._id }, { $set: { password: newPassword } }) 
 | 
			
		||||
            return new Response(
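Review bot: The switch to `verify(user.password, body['password'])` assumes every stored `user.password` is already an argon2 digest, and nothing in this commit migrates accounts created under bcrypt; the same applies to the `verify(user.password, password as string)` call in the login page hunk. If the collection holds bcrypt digests, those users can no longer authenticate or change their password. Depending on how the library treats a non-argon2 string, the call may throw instead of returning false, which would surface as a server error rather than the 401 branch. A transition path is needed: either keep bcrypt available for digests that start with `$2` and rehash with argon2 after a successful check, or force a password reset for those accounts. Independently, wrap the call so a malformed digest is handled as a failed login, for example `const ok = await verify(user.password, body['password']).catch(() => false);`. The enclosing `PATCH` handler starts and ends outside these hunks, so whether `body['password']` is checked to be a string before this point is not visible here.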
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -4,7 +4,7 @@ import NavBar from '../components/NavBar.astro';
 | 
			
		|||
 | 
			
		||||
import { getUserByNickOrEmail, updateLastLogin } from '../lib/db/users';
 | 
			
		||||
 | 
			
		||||
import { compare } from 'bcrypt';
 | 
			
		||||
import { verify } from 'argon2';
 | 
			
		||||
 | 
			
		||||
let error = "";
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -25,7 +25,7 @@ if(Astro.request.method === "POST") {
 | 
			
		|||
 | 
			
		||||
    const user = await getUserByNickOrEmail(username as string);
 | 
			
		||||
 | 
			
		||||
    if(user !== null && await compare(password as string, user.password)) {
 | 
			
		||||
    if(user !== null && await verify(user.password, password as string)) {
 | 
			
		||||
        const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;
 | 
			
		||||
 | 
			
		||||
        const res = await fetch(`${Astro.url.origin}/api/auth/generateAccessToken`, {
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -3,9 +3,6 @@ import Layout from '../layouts/Layout.astro';
 | 
			
		|||
import NavBar from '../components/NavBar.astro';
 | 
			
		||||
 | 
			
		||||
import { createUser } from '../lib/db/users';
 | 
			
		||||
import type User from '../types/User';
 | 
			
		||||
 | 
			
		||||
import bcrypt from 'bcrypt';
 | 
			
		||||
 | 
			
		||||
let error = "";
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -57,21 +54,7 @@ if(Astro.request.method === "POST") {
 | 
			
		|||
    }
 | 
			
		||||
 | 
			
		||||
    if(error === "") {
 | 
			
		||||
        const user: User = {
 | 
			
		||||
            username,
 | 
			
		||||
            email,
 | 
			
		||||
            password: await bcrypt.hash(password, 10),
 | 
			
		||||
            lastLogin: new Date(),
 | 
			
		||||
            createdAt: new Date(),
 | 
			
		||||
            updatedAt: new Date(),
 | 
			
		||||
            resources: {
 | 
			
		||||
                coal: 1,
 | 
			
		||||
                iron: 2,
 | 
			
		||||
                gold: 3
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        await createUser(user);
 | 
			
		||||
        const user = await createUser(username, email, password);
 | 
			
		||||
 | 
			
		||||
        const sessionTime = import.meta.env.SESSION_TIME_MINUTES * 60;
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||