auth - pre-defined hash delimiter in config

bin/auth/module.js

@@ -8,8 +8,11 @@
 var methods = {};
 var crypto = require('crypto');
 
+var cfg = require(global['__dirname']+'/bin/config');
+delimiter = cfg.app.passhashDelimiter;
+
 /**
- * Generating Hash
+ * returns a hash|salt combination
  * @author Ruben Meyer
  * @param {String} key "user password"
  * @param {String} salt (OPTIONAL)
@@ -27,11 +30,11 @@ methods.generateHash = (key, salt) => {
 		hash.update(key);
 		hash = hash.digest('hex');
 
-	return hash+'|'+salt;
+	return hash+delimiter+salt;
 };
 
 /**
- * validate hashed password
+ * validates a hashed input
  * @author Ruben Meyer
  * @param {String} hash "hashed password"
  * @param {String} key "plaintext password"
@@ -40,15 +43,15 @@ methods.generateHash = (key, salt) => {
 methods.validateHash = (hash, key) => {
 	if(typeof hash !== 'string' || typeof key !== 'string') return false;
 
-	let salt = hash.split('|')[1];
+	let salt = hash.split(delimiter)[1];
 	let generated = methods.generateHash(key, salt);
 
 	if(
-		hash.split('|')[0].length === generated.split('|')[0].length
+		hash.split(delimiter)[0].length === generated.split(delimiter)[0].length
 		&&
 		crypto.timingSafeEqual(
-			Buffer.from(generated.split('|')[0], 'hex'),
-			Buffer.from(hash.split('|')[0], 'hex')
+			Buffer.from(generated.split(delimiter)[0], 'hex'),
+			Buffer.from(hash.split(delimiter)[0], 'hex')
 		)
 	) {
 		return true;

bin/config.js

@@ -27,6 +27,7 @@ module.exports = {
 	},
 	app: {
 		locale: 'de-DE', // default locale (de-DE & en-EN should be available)
+		passhashDelimiter: '|'
 	},
 	mongoose: {
 		uri: process.env.DB_URL,