From 7e39afa29f1674df4cac51c7894181f55f66aa12 Mon Sep 17 00:00:00 2001
From: Mohamed Bassem
Date: Tue, 15 Apr 2025 19:36:51 +0000
Subject: fix: Add password salt to the user table
---
 packages/trpc/auth.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'packages/trpc/auth.ts')
diff --git a/packages/trpc/auth.ts b/packages/trpc/auth.ts
index f5ce88e5..1c3b860d 100644
--- a/packages/trpc/auth.ts
+++ b/packages/trpc/auth.ts
@@ -11,6 +11,10 @@ import { authFailureLogger } from "@karakeep/shared/logger";
 const BCRYPT_SALT_ROUNDS = 10;
 const API_KEY_PREFIX = "ak1";
 
+export function generatePasswordSalt() {
+ return randomBytes(32).toString("hex");
+}
+
 export async function generateApiKey(name: string, userId: string) {
 const id = randomBytes(10).toString("hex");
 const secret = randomBytes(10).toString("hex");
@@ -76,8 +80,8 @@ export async function authenticateApiKey(key: string) {
 return apiKey.user;
 }
 
-export async function hashPassword(password: string) {
- return bcrypt.hash(password, BCRYPT_SALT_ROUNDS);
+export async function hashPassword(password: string, salt: string | null) {
+ return await bcrypt.hash(password + (salt ?? ""), BCRYPT_SALT_ROUNDS);
 }
 
 export async function validatePassword(email: string, password: string) {
@@ -96,7 +100,10 @@ export async function validatePassword(email: string, password: string) {
 throw new Error("This user doesn't have a password defined");
 }
 
- const validation = await bcrypt.compare(password, user.password);
+ const validation = await bcrypt.compare(
+ password + (user.salt ?? ""),
+ user.password,
+ );
 if (!validation) {
 throw new Error("Wrong password");
 }
-- 
cgit v1.2.3-70-g09d2
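Review bot: `generatePasswordSalt` is exported without a return type or a doc comment, and the 64-character length of its result matters to the callers that append it to the password. I would declare it as `export function generatePasswordSalt(): string {` and add `/** Returns 32 bytes from randomBytes as a 64-character hex string; stored per user and appended to the password before bcrypt. */` above it.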
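Review bot: Appending a 64-character salt to the password in `hashPassword` runs into bcrypt's 72-byte input limit: implementations that follow the reference algorithm use only the first 72 bytes, so any password longer than 8 bytes has part of the salt cut off and a password of 72 bytes or more is hashed with no salt contribution at all. The `bcrypt` import is outside the hunk, so confirm how the library in use treats long inputs. If the salt is meant to be fully bound into the hash, derive a fixed-length input first, for example `const input = salt ? createHmac("sha256", salt).update(password).digest("base64") : password;` followed by `return bcrypt.hash(input, BCRYPT_SALT_ROUNDS);`. The `bcrypt.compare` call in the `validatePassword` hunk needs the same derivation, and the null-salt branch keeps existing hashes verifiable.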
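Review bot: The expression `password + (user.salt ?? "")` in `validatePassword` repeats the concatenation from `hashPassword`, so the two sides can drift apart and a mismatch would fail every login. A small shared helper, e.g. `const withSalt = (password: string, salt: string | null) => password + (salt ?? "");`, used by both calls keeps them in step. Accounts whose `salt` is null presumably stay on the unsalted scheme until the password is next set; if that is not intended, a rehash after a successful compare here would move them over. The body of validatePassword starts and ends outside the hunk.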