Ryan/drop
1
0
Fork 0
mirror of https://github.com/Drop-OSS/drop.git synced 2025-11-13 08:12:40 +10:00
Code Issues Packages Projects Releases Wiki Activity

new accounts use argon2

Browse Source
This commit is contained in:
Huskydog9988
2025-03-22 17:09:10 -04:00
parent 2027c69c0e
commit 2c9fdebf25
6 changed files with 102 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
server/api/v1/auth/signin/simple.post.ts
View File

@ -1,7 +1,10 @@
import { AuthMec } from "@prisma/client";
import { JsonArray } from "@prisma/client/runtime/library";
import prisma from "~/server/internal/db/database";
import { checkHash } from "~/server/internal/security/simple";
import {
checkHashArgon2,
checkHashBcrypt,
} from "~/server/internal/security/simple";
import sessionHandler from "~/server/internal/session";
export default defineEventHandler(async (h3) => {
@ -19,10 +22,20 @@ export default defineEventHandler(async (h3) => {
const authMek = await prisma.linkedAuthMec.findFirst({
where: {
mec: AuthMec.Simple,
credentials: {
array_starts_with: username,
},
enabled: true,
OR: [
{
// TODO: check if this is even needed with below condition
credentials: {
array_starts_with: username,
},
},
{
user: {
username,
},
},
],
},
include: {
user: {
@ -38,24 +51,50 @@ export default defineEventHandler(async (h3) => {
statusCode: 401,
statusMessage: "Invalid username or password.",
});
const credentials = authMek.credentials as JsonArray;
const hash = credentials.at(1);
if (!hash || !authMek.user.enabled)
else if (!authMek.user.enabled)
throw createError({
statusCode: 403,
statusMessage:
"Invalid or disabled account. Please contact the server administrator.",
});
if (!(await checkHash(password, hash.toString())))
throw createError({
statusCode: 401,
statusMessage: "Invalid username or password.",
});
// if using old auth schema
if (Array.isArray(authMek.credentials)) {
const hash = authMek.credentials.at(1);
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
if (!hash)
throw createError({
statusCode: 403,
statusMessage:
"Invalid password state. Please contact the server administrator.",
});
return { result: true, userId: authMek.userId };
if (!(await checkHashBcrypt(password, hash.toString())))
throw createError({
statusCode: 401,
statusMessage: "Invalid username or password.",
});
// TODO: send user to forgot password screen or something to force them to change their password to new system
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
return { result: true, userId: authMek.userId };
} else {
// using new (modern) login flow
if (authMek.password === null)
throw createError({
statusCode: 500,
statusMessage:
"Invalid password state. Please contact the server administrator.",
});
else if (!(await checkHashArgon2(password, authMek.password)))
throw createError({
statusCode: 401,
statusMessage: "Invalid username or password.",
});
await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
return { result: true, userId: authMek.userId };
}
});

8
server/api/v1/auth/signup/simple.post.ts
View File

@ -1,6 +1,6 @@
import { AuthMec, Invitation } from "@prisma/client";
import prisma from "~/server/internal/db/database";
import { createHash } from "~/server/internal/security/simple";
import { createHashArgon2 } from "~/server/internal/security/simple";
import { v4 as uuidv4 } from "uuid";
import * as jdenticon from "jdenticon";
import objectHandler from "~/server/internal/objects";
@ -97,6 +97,7 @@ export default defineEventHandler(async (h3) => {
);
const user = await prisma.user.create({
data: {
id: userId,
username,
displayName,
email,
@ -105,12 +106,13 @@ export default defineEventHandler(async (h3) => {
},
});
const hash = await createHash(password);
const hash = await createHashArgon2(password);
await prisma.linkedAuthMec.create({
data: {
mec: AuthMec.Simple,
credentials: [username, hash],
credentials: {},
userId: user.id,
password: hash,
},
});