Use bcrypt for password

tchajed · tchajed · commit a20e8ed7c318 · 2024-03-02T11:53:11.000-06:00
diff --git a/hash_password/src/main.ts b/hash_password/src/main.ts
@@ -0,0 +1,34 @@
+import bcrypt from "bcryptjs";
+import { Command } from "commander";
+
+async function hashPassword(password: string): Promise<string> {
+  const saltRounds = 10;
+
+  return new Promise((resolve, reject) => {
+    bcrypt.hash(password, saltRounds, (err, hash) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve(hash);
+      }
+    });
+  });
+}
+
+async function main() {
+  const program = new Command();
+  program
+    .version("0.1.0")
+    .description("Hash password")
+    .argument("<password>", "Password to hash")
+    .action(async (password: string, _options) => {
+      const hash = await hashPassword(password);
+      console.log(hash);
+      if (!(await bcrypt.compare(password, hash))) {
+        console.error("password is not considered correct?!");
+      }
+    });
+  program.parseAsync();
+}
+
+main();
diff --git a/hash_password/tsconfig.json b/hash_password/tsconfig.json
@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist",
+    "target": "es2016",
+    "module": "NodeNext",
+    "forceConsistentCasingInFileNames": true,
+    "lib": ["es2021"],
+    "sourceMap": true,
+    "esModuleInterop": true,
+    "moduleResolution": "nodenext",
+    "strict": true
+  }
+}
diff --git a/package.json b/package.json
@@ -36,17 +36,27 @@
     "@types/sharp": "^0.31.0",
     "@typescript-eslint/eslint-plugin": "^5.61.0",
     "@typescript-eslint/parser": "^5.61.0",
+    "assert": "^2.0.0",
+    "crypto-browserify": "^3.12.0",
     "eslint": "^8.42.0",
     "eslint-plugin-unused-imports": "^2.0.0",
+    "events": "^3.1.0",
+    "os-browserify": "^0.3.0",
     "parcel": "^2.9.3",
     "parcel-reporter-static-files-copy": "^1.5.0",
     "parcel-resolver-ts-base-url": "^1.3.1",
+    "path-browserify": "^1.0.0",
     "posthtml-include": "^1.7.4",
     "prettier": "^2.8.8",
     "process": "^0.11.10",
+    "punycode": "^1.4.1",
     "puppeteer": "^21.6.1",
+    "querystring-es3": "^0.2.1",
+    "stream-browserify": "^3.0.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.1.3",
+    "url": "^0.11.0",
+    "util": "^0.12.3",
     "workbox-cli": "^7.0.0"
   },
   "dependencies": {
@@ -56,9 +66,11 @@
     "@fortawesome/free-brands-svg-icons": "^6.4.0",
     "@fortawesome/free-solid-svg-icons": "^6.4.0",
     "@fortawesome/react-fontawesome": "^0.2.0",
+    "@types/bcryptjs": "^2.4.6",
     "@types/cli-progress": "^3.11.0",
     "adm-zip": "^0.5.10",
     "axios": "^1.4.0",
+    "bcryptjs": "^2.4.3",
     "classnames": "^2.3.2",
     "cli-progress": "^3.12.0",
     "commander": "^10.0.1",
diff --git a/src/js/password.ts b/src/js/password.ts
@@ -1,18 +1,12 @@
+import bcrypt from "bcryptjs";
+
 const PASSWORD_HASH =
-  "88e0b211e647f2a9f1d63720c3f1a7cef35a2940d28b5290fe12141ce446dbeb";
+  "$2a$10$1ES0fLT64vbFtjc98cN4zuXtyB5souy66c1wgUWeRYyGBuV/m7O.m";
 
 export async function isCorrectPassword(password: string): Promise<boolean> {
   // quick check if there's no password attempt
   if (password == "") {
     return false;
   }
-  const hashBuffer = await crypto.subtle.digest(
-    "SHA-256",
-    new TextEncoder().encode(password),
-  );
-  const hashArray = Array.from(new Uint8Array(hashBuffer)); // convert buffer to byte array
-  const hashHex = hashArray
-    .map((b) => b.toString(16).padStart(2, "0"))
-    .join(""); // convert bytes to hex string
-  return hashHex == PASSWORD_HASH;
+  return await bcrypt.compare(password, PASSWORD_HASH);
 }
diff --git a/yarn.lock b/yarn.lock
