refactor: use argon2 instead of bcrypt

This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
This commit is contained in:
Joe Previte 2021-06-02 12:47:22 -07:00
parent 51f8341959
commit 70197bb2a5
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24
1 changed files with 16 additions and 5 deletions

View File

@ -1,6 +1,6 @@
import * as cp from "child_process" import * as cp from "child_process"
import * as crypto from "crypto" import * as crypto from "crypto"
import * as bcrypt from "bcrypt" import * as argon2 from "argon2"
import envPaths from "env-paths" import envPaths from "env-paths"
import { promises as fs } from "fs" import { promises as fs } from "fs"
import * as net from "net" import * as net from "net"
@ -9,6 +9,7 @@ import * as path from "path"
import * as util from "util" import * as util from "util"
import xdgBasedir from "xdg-basedir" import xdgBasedir from "xdg-basedir"
import safeCompare from "safe-compare" import safeCompare from "safe-compare"
import { logger } from "@coder/logger"
export interface Paths { export interface Paths {
data: string data: string
@ -120,15 +121,25 @@ export const generatePassword = async (length = 24): Promise<string> => {
/** /**
* Used to hash the password. * Used to hash the password.
*/ */
export const hash = (password: string): string => { export const hash = async (password: string): Promise<string> => {
return bcrypt.hashSync(password, 10) try {
return await argon2.hash(password)
} catch (error) {
logger.error(error)
return ""
}
} }
/** /**
* Used to verify if the password matches the hash * Used to verify if the password matches the hash
*/ */
export const isHashMatch = (password: string, hash: string) => { export const isHashMatch = async (password: string, hash: string) => {
return bcrypt.compareSync(password, hash) try {
return await argon2.verify(hash, password)
} catch (error) {
logger.error(error)
return false
}
} }
/** /**