Merge branch 'develop' of Software_Engineering_I/greenvironment-server into master

pull/5/head
Trivernis 5 years ago
commit cb34875eba

1
.gitignore vendored

@ -11,3 +11,4 @@ greenvironment.db
logs
logs*
config/*
yarn-error.log

@ -53,6 +53,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- default response timeout from 2 minutes to 30 seconds
- cluster api to start workers with a 2 second delay each to avoid race conditions
- levels to be configured in the backend
- password hash function to be sCrypt with a salt
### Fixed

@ -62,6 +62,7 @@
"dependencies": {
"@types/body-parser": "^1.17.1",
"@types/graphql-upload": "^8.0.3",
"@types/scrypt-js": "^2.0.4",
"body-parser": "^1.19.0",
"compression": "^1.7.4",
"config": "^3.2.4",
@ -88,6 +89,7 @@
"pg": "^7.12.1",
"pug": "^2.0.4",
"reflect-metadata": "^0.1.13",
"scrypt-js": "^3.0.0",
"sequelize": "^5.19.6",
"sequelize-typescript": "^1.0.0",
"sharp": "^0.23.4",

@ -18,8 +18,42 @@ import {InternalEvents} from "./InternalEvents";
import * as models from "./models";
import {Activity, BlacklistedPhrase} from "./models";
const scrypt = require("scrypt-js");
// tslint:disable:completed-docs
const scrN = 32768;
const scrR = 8;
const scrP = 1;
const scrKeyLength = 64;
/**
* Creates a random salt.
*/
function generateSalt(): Buffer {
return crypto.randomBytes(32);
}
/**
* Returns a scrypt generated key
* @param password
* @param salt
*/
async function scryptHashPassword(password: string, salt: Buffer): Promise<string> {
const key: readonly number[] = await scrypt.scrypt(Buffer.from(password), salt, scrN, scrR, scrP, scrKeyLength);
const keyMut = [...key];
return Buffer.from(keyMut).toString("base64");
}
/**
* Creates a sha512 hash from a password
* @param password
*/
function sha512HashPassword(password: string) {
const hash = crypto.createHash("sha512");
hash.update(password);
return hash.digest("hex");
}
/**
* Generates a new handle from the username and a base64 string of the current time.
* @param username
@ -114,10 +148,19 @@ namespace dataaccess {
* @param password
*/
export async function getUserByLogin(email: string, password: string): Promise<models.User> {
const hash = crypto.createHash("sha512");
hash.update(password);
password = hash.digest("hex");
const user = await models.User.findOne({where: {email}});
if (!user.salt) {
const hashPassword = sha512HashPassword(password);
if (hashPassword === user.password) {
const salt = generateSalt();
user.salt = Buffer.from(salt).toString("hex");
user.password = await scryptHashPassword(password, Buffer.from(user.salt));
await user.save();
password = user.password;
}
} else {
password = await scryptHashPassword(password, Buffer.from(user.salt));
}
if (user) {
if (user.password === password) {
return user;

@ -84,6 +84,12 @@ export class User extends Model<User> {
@Column({type: sqz.STRING(128), allowNull: false})
public password: string;
/**
* The salt for the password
*/
@Column({type: sqz.STRING(128)})
public salt: string;
/**
* The ranking points of the user
*/

File diff suppressed because it is too large Load Diff

@ -297,6 +297,13 @@
dependencies:
"@types/node" "*"
"@types/scrypt-js@^2.0.4":
version "2.0.4"
resolved "https://registry.yarnpkg.com/@types/scrypt-js/-/scrypt-js-2.0.4.tgz#c75d17910357d79552a8aa102a8c907ebcd029d5"
integrity sha512-FCgSes9EwZrZEv3VmEKGSWeDgJSm6DJdR/QrBnZ1Y6Xhi9EAKmZqr6ocpPtZT/ZbJwaa/rpLyLq4uIy1Imzrhw==
dependencies:
"@types/node" "*"
"@types/sequelize@^4.28.5":
version "4.28.6"
resolved "https://registry.yarnpkg.com/@types/sequelize/-/sequelize-4.28.6.tgz#01d2f1d3781cc34448cd63c2fd97bdb0612b15de"
@ -4565,6 +4572,11 @@ sax@^1.2.4:
resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
scrypt-js@^3.0.0:
version "3.0.0"
resolved "https://registry.yarnpkg.com/scrypt-js/-/scrypt-js-3.0.0.tgz#52361c1f272eeaab09ec1f806ea82078bca58b15"
integrity sha512-7CC7aufwukEvqdmllR0ny0QaSg0+S22xKXrXz3ZahaV6J+fgD2YAtrjtImuoDWog17/Ty9Q4HBmnXEXJ3JkfQA==
semver-greatest-satisfied-range@^1.1.0:
version "1.1.0"
resolved "https://registry.yarnpkg.com/semver-greatest-satisfied-range/-/semver-greatest-satisfied-range-1.1.0.tgz#13e8c2658ab9691cb0cd71093240280d36f77a5b"

Loading…
Cancel
Save