Change passsword hash function to sCrypt

.gitignore

@@ -11,3 +11,4 @@ greenvironment.db
 logs
 logs*
 config/*
+yarn-error.log

CHANGELOG.md

@@ -53,6 +53,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - default response timeout from 2 minutes to 30 seconds
 - cluster api to start workers with a 2 second delay each to avoid race conditions
 - levels to be configured in the backend
+- password hash function to be sCrypt with a salt
 
 ### Fixed
 

package.json

@@ -62,6 +62,7 @@
   "dependencies": {
     "@types/body-parser": "^1.17.1",
     "@types/graphql-upload": "^8.0.3",
+    "@types/scrypt-js": "^2.0.4",
     "body-parser": "^1.19.0",
     "compression": "^1.7.4",
     "config": "^3.2.4",
@@ -88,6 +89,7 @@
     "pg": "^7.12.1",
     "pug": "^2.0.4",
     "reflect-metadata": "^0.1.13",
+    "scrypt-js": "^3.0.0",
     "sequelize": "^5.19.6",
     "sequelize-typescript": "^1.0.0",
     "sharp": "^0.23.4",

src/lib/dataAccess.ts

@@ -18,8 +18,42 @@ import {InternalEvents} from "./InternalEvents";
 import * as models from "./models";
 import {Activity, BlacklistedPhrase} from "./models";
 
+const scrypt = require("scrypt-js");
 // tslint:disable:completed-docs
 
+const scrN = 32768;
+const scrR = 8;
+const scrP = 1;
+const scrKeyLength = 64;
+
+/**
+ * Creates a random salt.
+ */
+function generateSalt(): Buffer {
+    return crypto.randomBytes(32);
+}
+
+/**
+ * Returns a scrypt generated key
+ * @param password
+ * @param salt
+ */
+async function scryptHashPassword(password: string, salt: Buffer): Promise<string> {
+    const key: readonly number[] = await scrypt.scrypt(Buffer.from(password), salt, scrN, scrR, scrP, scrKeyLength);
+    const keyMut = [...key];
+    return Buffer.from(keyMut).toString("base64");
+}
+
+/**
+ * Creates a sha512 hash from a password
+ * @param password
+ */
+function sha512HashPassword(password: string) {
+    const hash = crypto.createHash("sha512");
+    hash.update(password);
+    return hash.digest("hex");
+}
+
 /**
  * Generates a new handle from the username and a base64 string of the current time.
  * @param username
@@ -114,10 +148,19 @@ namespace dataaccess {
      * @param password
      */
     export async function getUserByLogin(email: string, password: string): Promise<models.User> {
-        const hash = crypto.createHash("sha512");
-        hash.update(password);
-        password = hash.digest("hex");
         const user = await models.User.findOne({where: {email}});
+        if (!user.salt) {
+            const hashPassword = sha512HashPassword(password);
+            if (hashPassword === user.password) {
+                const salt = generateSalt();
+                user.salt = Buffer.from(salt).toString("hex");
+                user.password = await scryptHashPassword(password, Buffer.from(user.salt));
+                await user.save();
+                password = user.password;
+            }
+        } else {
+            password = await scryptHashPassword(password, Buffer.from(user.salt));
+        }
         if (user) {
             if (user.password === password) {
                 return user;

src/lib/models/User.ts

@@ -84,6 +84,12 @@ export class User extends Model<User> {
     @Column({type: sqz.STRING(128), allowNull: false})
     public password: string;
 
+    /**
+     * The salt for the password
+     */
+    @Column({type: sqz.STRING(128)})
+    public salt: string;
+
     /**
      * The ranking points of the user
      */

tslint.json

@@ -11,7 +11,7 @@
     "no-conditional-assignment": true,
     "no-consecutive-blank-lines": false,
     "cyclomatic-complexity": true,
-    "brace-style": "1tbs",
+    "brace-style": "1tbs",hashes
     "semicolon": true,
     "indent": [true, "spaces", 4],
     "no-shadowed-variable": true,

yarn.lock

@@ -297,6 +297,13 @@
   dependencies:
     "@types/node" "*"
 
+"@types/scrypt-js@^2.0.4":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@types/scrypt-js/-/scrypt-js-2.0.4.tgz#c75d17910357d79552a8aa102a8c907ebcd029d5"
+  integrity sha512-FCgSes9EwZrZEv3VmEKGSWeDgJSm6DJdR/QrBnZ1Y6Xhi9EAKmZqr6ocpPtZT/ZbJwaa/rpLyLq4uIy1Imzrhw==
+  dependencies:
+    "@types/node" "*"
+
 "@types/sequelize@^4.28.5":
   version "4.28.6"
   resolved "https://registry.yarnpkg.com/@types/sequelize/-/sequelize-4.28.6.tgz#01d2f1d3781cc34448cd63c2fd97bdb0612b15de"
@@ -4565,6 +4572,11 @@ sax@^1.2.4:
   resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
   integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
 
+scrypt-js@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/scrypt-js/-/scrypt-js-3.0.0.tgz#52361c1f272eeaab09ec1f806ea82078bca58b15"
+  integrity sha512-7CC7aufwukEvqdmllR0ny0QaSg0+S22xKXrXz3ZahaV6J+fgD2YAtrjtImuoDWog17/Ty9Q4HBmnXEXJ3JkfQA==
+
 semver-greatest-satisfied-range@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/semver-greatest-satisfied-range/-/semver-greatest-satisfied-range-1.1.0.tgz#13e8c2658ab9691cb0cd71093240280d36f77a5b"