auth.rxbn.de/bin/auth/module.js

/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer <contact@rxbn.de>
 */

// init
var methods = {};
var crypto = require('crypto');

var cfg = require(global['__dirname']+'/bin/config');
delimiter = cfg.app.passhashDelimiter;

/**
 * returns a hash|salt combination
 * @author Ruben Meyer
 * @param {String} key "user password"
 * @param {String} salt (OPTIONAL)
 * @return {String}
 */
methods.generateHash = (key, salt) => {
	if(typeof salt !== 'string') {
		let length = 16;
		salt = crypto.randomBytes(Math.ceil(length/2)).toString('hex').slice(0, length);
	} else {
		salt = salt;
	}

	let hash = crypto.createHmac('sha512', salt);
		hash.update(key);
		hash = hash.digest('hex');

	return hash+delimiter+salt;
};

/**
 * validates a hashed input
 * @author Ruben Meyer
 * @param {String} hash "hashed password"
 * @param {String} key "plaintext password"
 * @return {Boolean}
 */
methods.validateHash = (hash, key) => {
	if(typeof hash !== 'string' || typeof key !== 'string') return false;

	let salt = hash.split(delimiter)[1];
	let generated = methods.generateHash(key, salt);

	if(
		hash.split(delimiter)[0].length === generated.split(delimiter)[0].length
		&&
		crypto.timingSafeEqual(
			Buffer.from(generated.split(delimiter)[0], 'hex'),
			Buffer.from(hash.split(delimiter)[0], 'hex')
		)
	) {
		return true;
	}

	return false;
};

module.exports = methods;