enhance(backend): Replace bcrypt with Argon2

Squashed commit of the following: commit 4862fd8467d529c54d0aa3e6abff15a574459a8b Author: Shun Sakai <sorairolake@protonmail.ch> Date: Wed Oct 23 20:44:30 2024 +0900 chore(backend): Update `argon2` package commit a52eff5deaee39c0a70c83da49ca58d0eab8d513 Author: NoriDev <m1nthing2322@gmail.com> Date: Mon Oct 7 18:11:34 2024 +0900 Revert "tweak 0dc322b6 (1673beta/cherrypick#88)" This reverts commit ab6a5d0c3dbe7146de19d72d08658b1c011fe30a. commit be51daec8a916a2668ea5794e067bde06499e1a4 Author: Mar0xy <marie@kaifa.ch> Date: Wed Sep 27 21:46:56 2023 +0200 upd: rehash misskey passwords with argon2 on login commit 67b124b7e6e8f1b1d1738ea9a123ab0500876d58 Author: Mar0xy <marie@kaifa.ch> Date: Fri Sep 22 00:21:57 2023 +0200 upd: swap bcrypt to argon2
2024-10-23 20:47:45 +09:00 · 2024-10-23 20:47:45 +09:00 · 7f743dc981
commit 7f743dc981
parent 15ae1605ec
18 changed files with 132 additions and 64 deletions
--- a/packages/backend/src/server/api/endpoints/i/2fa/register.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/register.ts
@ -3,7 +3,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */

-import bcrypt from 'bcryptjs';
+import * as argon2 from 'argon2';
 import * as OTPAuth from 'otpauth';
 import * as QRCode from 'qrcode';
 import { Inject, Injectable } from '@nestjs/common';
@ -77,7 +77,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				}
 			}

-			const passwordMatched = await bcrypt.compare(ps.password, profile.password ?? '');
+			const passwordMatched = await argon2.verify(profile.password ?? '', ps.password);
 			if (!passwordMatched) {
 				throw new ApiError(meta.errors.incorrectPassword);
 			}