authorMohamed Bassem <me@mbassem.com>2025-04-15 19:36:51 +0000
committerMohamed Bassem <me@mbassem.com>2025-04-15 19:36:51 +0000
commit7e39afa29f1674df4cac51c7894181f55f66aa12 (patch)
tree55caff2f4d14e222a2d9c2b63157d28a438a96e7 /packages/trpc/auth.ts
parentd7244978e9e99ca20b99a9f751b1bfef77810e94 (diff)
fix: Add password salt to the user table
Diffstat (limited to 'packages/trpc/auth.ts')
-rw-r--r--packages/trpc/auth.ts13
1 files changed, 10 insertions, 3 deletions
diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index f5ce88e5..1c3b860d 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -11,6 +11,10 @@ import { authFailureLogger } from "@karakeep/shared/logger";
const BCRYPT_SALT_ROUNDS = 10;
const API_KEY_PREFIX = "ak1";
+export function generatePasswordSalt() {
+ return randomBytes(32).toString("hex");
+}
+
export async function generateApiKey(name: string, userId: string) {
const id = randomBytes(10).toString("hex");
const secret = randomBytes(10).toString("hex");
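Review bot: `generatePasswordSalt` is exported without a doc comment or an explicit return type, and nothing in this file says what the extra salt is for, given that bcrypt already embeds its own per-hash salt. A short TSDoc would help, for example `/** Per-user random salt (32 random bytes, hex-encoded to 64 chars), stored in the user table and appended to the password before bcrypt hashing. */`, together with `export function generatePasswordSalt(): string {`. If the salt has a further purpose beyond what this diff shows, the comment should name it.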
@@ -76,8 +80,8 @@ export async function authenticateApiKey(key: string) {
return apiKey.user;
}
-export async function hashPassword(password: string) {
- return bcrypt.hash(password, BCRYPT_SALT_ROUNDS);
+export async function hashPassword(password: string, salt: string | null) {
+ return await bcrypt.hash(password + (salt ?? ""), BCRYPT_SALT_ROUNDS);
}
export async function validatePassword(email: string, password: string) {
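Review bot: In `hashPassword` the 64-character hex salt is appended after the password, so if the bcrypt library imported here uses only the first 72 bytes of input (as bcrypt implementations commonly do), the salt is partly dropped for any password longer than 8 bytes and contributes nothing once the password reaches 72 bytes. That does not weaken the hash compared with the previous code, but the salt provides less than its length suggests, and this should be recorded at the call, e.g. `// NOTE: bcrypt reads at most 72 bytes; the salt is appended last, so it is what gets truncated for long passwords.` The same concatenation appears in the `validatePassword` hunk below. The `salt ?? ""` fallback should also get a comment stating that `null` is accepted only for rows created before the salt column existed, if that is the intent.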
@@ -96,7 +100,10 @@ export async function validatePassword(email: string, password: string) {
throw new Error("This user doesn't have a password defined");
}
- const validation = await bcrypt.compare(password, user.password);
+ const validation = await bcrypt.compare(
+ password + (user.salt ?? ""),
+ user.password,
+ );
if (!validation) {
throw new Error("Wrong password");
}
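Review bot: The expression `password + (user.salt ?? "")` in the `bcrypt.compare` call duplicates the concatenation in `hashPassword`, and the two must stay byte-for-byte identical or every login fails. A single private helper used by both call sites would prevent drift, for example `const withSalt = (password: string, salt: string | null) => password + (salt ?? "");`. The body of `validatePassword` starts and ends outside this hunk, so the lookup that supplies `user.salt` is not visible here. It is worth confirming that the query selects the new column, since otherwise `user.salt` would be undefined and the comparison would silently fall back to the unsalted form.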