1
0
Fork 0

auth - pre-defined hash delimiter in config

master
Ruben Meyer 2 years ago
parent cd8cedf592
commit fd9e52bd65
Signed by: rxbn_
GPG Key ID: BE3BF898BE352FE2

@ -8,8 +8,11 @@
var methods = {};
var crypto = require('crypto');
var cfg = require(global['__dirname']+'/bin/config');
delimiter = cfg.app.passhashDelimiter;
/**
* Generating Hash
* returns a hash|salt combination
* @author Ruben Meyer
* @param {String} key "user password"
* @param {String} salt (OPTIONAL)
@ -27,11 +30,11 @@ methods.generateHash = (key, salt) => {
hash.update(key);
hash = hash.digest('hex');
return hash+'|'+salt;
return hash+delimiter+salt;
};
/**
* validate hashed password
* validates a hashed input
* @author Ruben Meyer
* @param {String} hash "hashed password"
* @param {String} key "plaintext password"
@ -40,15 +43,15 @@ methods.generateHash = (key, salt) => {
methods.validateHash = (hash, key) => {
if(typeof hash !== 'string' || typeof key !== 'string') return false;
let salt = hash.split('|')[1];
let salt = hash.split(delimiter)[1];
let generated = methods.generateHash(key, salt);
if(
hash.split('|')[0].length === generated.split('|')[0].length
hash.split(delimiter)[0].length === generated.split(delimiter)[0].length
&&
crypto.timingSafeEqual(
Buffer.from(generated.split('|')[0], 'hex'),
Buffer.from(hash.split('|')[0], 'hex')
Buffer.from(generated.split(delimiter)[0], 'hex'),
Buffer.from(hash.split(delimiter)[0], 'hex')
)
) {
return true;

@ -27,6 +27,7 @@ module.exports = {
},
app: {
locale: 'de-DE', // default locale (de-DE & en-EN should be available)
passhashDelimiter: '|'
},
mongoose: {
uri: process.env.DB_URL,

Loading…
Cancel
Save