Mizah/Sharkey
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

upd: swap bcrypt to argon2, add misskey-js to dev, auto load replies

Browse source
This commit is contained in:
Mar0xy 2023-09-22 00:21:57 +02:00
parent 03b5acf17f
commit 7111c6c90b
No known key found for this signature in database
GPG key ID: 56569BBE47D2C828
20 changed files with 105 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

5
packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/models/_.js';
@ -51,7 +52,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);