From 70197bb2a514cd8dfc1115233c94b385aed9afa7 Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Wed, 2 Jun 2021 12:47:22 -0700
Subject: [PATCH] refactor: use argon2 instead of bcrypt

This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
---
 src/node/util.ts | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/node/util.ts b/src/node/util.ts
index 495c3389f..e3039d89c 100644
--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -1,6 +1,6 @@
 import * as cp from "child_process"
 import * as crypto from "crypto"
-import * as bcrypt from "bcrypt"
+import * as argon2 from "argon2"
 import envPaths from "env-paths"
 import { promises as fs } from "fs"
 import * as net from "net"
@@ -9,6 +9,7 @@ import * as path from "path"
 import * as util from "util"
 import xdgBasedir from "xdg-basedir"
 import safeCompare from "safe-compare"
+import { logger } from "@coder/logger"
 
 export interface Paths {
   data: string
@@ -120,15 +121,25 @@ export const generatePassword = async (length = 24): Promise<string> => {
 /**
  * Used to hash the password.
  */
-export const hash = (password: string): string => {
-  return bcrypt.hashSync(password, 10)
+export const hash = async (password: string): Promise<string> => {
+  try {
+    return await argon2.hash(password)
+  } catch (error) {
+    logger.error(error)
+    return ""
+  }
 }
 
 /**
  * Used to verify if the password matches the hash
  */
-export const isHashMatch = (password: string, hash: string) => {
-  return bcrypt.compareSync(password, hash)
+export const isHashMatch = async (password: string, hash: string) => {
+  try {
+    return await argon2.verify(hash, password)
+  } catch (error) {
+    logger.error(error)
+    return false
+  }
 }
 
 /**