refactor: use better maintained argon2 instead of bcrypt as hashi…
…ng library
pmstss committed Sep 11, 2024
1 parent dbe1c36 commit 384a7c6
Showing 4 changed files with 133 additions and 116 deletions.
235 changes: 127 additions & 108 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
@@ -46,8 +46,8 @@
"@sectester/runner": "^0.33.1",
"@sectester/scan": "^0.33.1",
"@xmldom/xmldom": "^0.9.2",
"argon2": "^0.41.1",
"axios": "^1.7.7",
"bcrypt": "^5.1.1",
"class-transformer": "^0.5.1",
"dot": "^1.1.3",
"dotenv": "^16.4.5",
4 changes: 2 additions & 2 deletions pg.sql
@@ -9,8 +9,8 @@ create table "product" ("id" serial primary key, "created_at" timestamptz(0) not

set session_replication_role = 'origin';
--password is admin
INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'admin', '$2b$10$BBJjmVNNdyEgv7pV/zQR9u/ssIuwZsdDJbowW/Dgp28uws3GmO0Ky', 'admin', 'admin', true, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true);
INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'user', '$2b$10$edsq4aqzAHnrJu68t8GS2.v0Z7hJSstAo7wBBDmmbpjYGxMMTYpVi', 'user', 'user', false, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true);
INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'admin', '$argon2id$v=19$m=65536,t=3,p=4$jmtTCTEcjngErif00RfYAg$biS59Ixnrz+dHeJrJ91ybmHt+4wrVgcH3RXvfaqZtNI', 'admin', 'admin', true, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true);
INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'user', '$argon2id$v=19$m=65536,t=3,p=4$hJX1v2kH3UFlEOhZFZn3RQ$oXDFhwgoxosiunmy720fBEBGiin0XNeTvDlDk3dUAT4', 'user', 'user', false, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true);

--insert default products into the table
INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Healing', '/api/file?path=config/products/crystals/amethyst.jpg&type=image/jpg', 'Amethyst', 'a violet variety of quartz');
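Review bot: The comment `--password is admin` above the two seed rows covers only the first of the two new argon2id strings, and nothing records what the `user` row's password is or what format the stored values are in. Both rows are fixed credentials readable by anyone with the repository, and one of them has `is_admin` set to true, so I would state the intended scope in the comment, e.g. `-- seed accounts for local/demo use only; admin password is "admin"; values are argon2id PHC strings`. If this script can run against a shared or internet-facing database, the deployment steps should remove these accounts or rotate their passwords. The file continues past the lines shown here.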
8 changes: 3 additions & 5 deletions src/auth/credentials.utils.ts
@@ -1,11 +1,9 @@
import { hash, compare } from 'bcrypt';

const SALT_ROUNDS = 10;
import { hash, verify } from 'argon2';

export const hashPassword = (password: string): Promise<string> =>
hash(password, SALT_ROUNDS);
hash(password);

export const passwordMatches = (
password: string,
hash: string
): Promise<boolean> => compare(password, hash);
): Promise<boolean> => verify(hash, password);
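Review bot: `passwordMatches` now passes every stored value to argon2's `verify`, so any `user.password` still holding a bcrypt `$2b$` string, such as the rows the previous `pg.sql` seeded, can no longer match; depending on how the library treats a non-argon2 string, the promise may reject rather than resolve to `false`. The commit only replaces the seed hashes, so existing databases need either a documented reseed/reset step or a guard in `passwordMatches` that treats a stored value not starting with `$argon2` as a failed match. Separately, `hash(password)` relies on the library defaults (the seed strings show `m=65536,t=3,p=4`); passing them explicitly, e.g. `hash(password, { type: argon2id, memoryCost: 65536, timeCost: 3, parallelism: 4 })` with `argon2id` added to the import, keeps the cost visible across upgrades. The `hash` parameter of `passwordMatches` also shadows the imported `hash` function, and since `verify` takes the digest first, renaming it to `digest` would make the argument order harder to get wrong.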
