Mizah/Sharkey
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

upd: swap bcrypt to argon2, add misskey-js to dev, auto load replies

Browse source
This commit is contained in:
Mar0xy 2023-09-22 00:21:57 +02:00
parent 03b5acf17f
commit 7111c6c90b
No known key found for this signature in database
GPG key ID: 56569BBE47D2C828
20 changed files with 105 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

9
packages/backend/src/server/api/endpoints/i/change-password.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js';
@ -34,15 +35,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.currentPassword, profile.password!);
const same = await argon2.verify(profile.password!, ps.currentPassword);
if (!same) {
throw new Error('incorrect password');
}
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(ps.newPassword, salt);
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(ps.newPassword);
await this.userProfilesRepository.update(me.id, {
password: hash,