Ryan/Reactive-Resume
1
0
Fork 0
mirror of https://github.com/AmruthPillai/Reactive-Resume.git synced 2025-11-16 01:32:02 +10:00
Code Issues Packages Projects Releases Wiki Activity

perf(security): generate random salt rounds integer

Browse Source
This commit is contained in:
Amruth Pillai
2022-03-24 08:45:22 +01:00
parent 776d2f79a6
commit c95efee8ec
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/src/auth/auth.service.ts
View File

@ -3,6 +3,7 @@ import { ConfigService } from '@nestjs/config';
import { JwtService } from '@nestjs/jwt'; import { JwtService } from '@nestjs/jwt';
import { SchedulerRegistry } from '@nestjs/schedule'; import { SchedulerRegistry } from '@nestjs/schedule';
import bcrypt from 'bcrypt'; import bcrypt from 'bcrypt';
import { randomInt } from 'crypto';
import { google } from 'googleapis'; import { google } from 'googleapis';
import { PostgresErrorCode } from '@/database/errorCodes.enum'; import { PostgresErrorCode } from '@/database/errorCodes.enum';
@ -22,12 +23,8 @@ export class AuthService {
private jwtService: JwtService private jwtService: JwtService
) {} ) {}
private getRandomSaltRounds(min: number, max: number) {
return Math.floor(Math.random() * (max - min + 1) + min);
}
async register(registerDto: RegisterDto) { async register(registerDto: RegisterDto) {
const hashedPassword = await bcrypt.hash(registerDto.password, this.getRandomSaltRounds(10, 20)); const hashedPassword = await bcrypt.hash(registerDto.password, randomInt(8, 12));
try { try {
const createdUser = await this.usersService.create({ const createdUser = await this.usersService.create({
@ -78,7 +75,7 @@ export class AuthService {
async resetPassword(resetPasswordDto: ResetPasswordDto) { async resetPassword(resetPasswordDto: ResetPasswordDto) {
const user = await this.usersService.findByResetToken(resetPasswordDto.resetToken); const user = await this.usersService.findByResetToken(resetPasswordDto.resetToken);
const hashedPassword = await bcrypt.hash(resetPasswordDto.password, this.getRandomSaltRounds(10, 20)); const hashedPassword = await bcrypt.hash(resetPasswordDto.password, randomInt(8, 12));
await this.usersService.update(user.id, { await this.usersService.update(user.id, {
password: hashedPassword, password: hashedPassword,