remove jssha and add bcrypt for password hashing with salt

2025-08-21 10:52:29 +02:00
parent 723ec0773d
commit ec15095da3
6 changed files with 48 additions and 21 deletions


@@ -1,5 +1,5 @@
import jwt from 'jsonwebtoken';
import jsSHA from 'jssha';
import bcrypt from 'bcrypt';
import { db } from '$lib/server/dbService';
import config from '$lib/config';
@@ -18,9 +18,6 @@ export function decryptToken(token: string) {
export function authenticate(user, password) {
let JWTToken;
// hash user password
const hashedPW = new jsSHA('SHA-512', 'TEXT').update(password).getHash('HEX');
const getUserSQLStmt = 'SELECT name, pw FROM users WHERE name = ?';
const row = db.prepare(getUserSQLStmt).get(user);
@@ -29,7 +26,8 @@ export function authenticate(user, password) {
}
const storedPW = row.pw;
if (hashedPW && hashedPW === storedPW) {
const isValid = bcrypt.compareSync(password, storedPW)
if (isValid) {
JWTToken = createToken({ id: user, admin: true });
}
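Review bot: `bcrypt.compareSync(password, storedPW)` runs the whole bcrypt computation on the calling thread, so in this server-side login path each attempt stalls other requests while the hash is computed, and a burst of login attempts can tie up the process. Prefer the asynchronous form, `const isValid = await bcrypt.compare(password, storedPW);`, which requires `authenticate` to become `async` and its callers to await it; the function starts and ends outside the visible hunks, so the callers need checking. Separately, any `users.pw` value written by the removed SHA-512 code is not a bcrypt hash and will presumably not verify here, so unless one of the other changed files re-hashes or resets existing accounts, those users may no longer be able to log in. The new line also lacks the trailing semicolon the surrounding lines use.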