refactor: Replace bcrypt with client-side SHA-256 hashing for password security
stritti committed Dec 2, 2024
1 parent 06623a5 commit 82f0e31
Showing 2 changed files with 37 additions and 48 deletions.
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -19,7 +19,7 @@
},
"dependencies": {
"airtable": "^0.12.2",
"bcrypt": "^5.1.1",
"js-sha256": "^0.10.1",
"bootstrap": "^5.3.3",
"bootstrap-vue-next": "^0.25.6",
"dompurify": "^3.2.0",
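Review bot: `js-sha256` is a general-purpose digest library, not a password-hashing library, so swapping it in for `bcrypt` here drops the per-password salt and the tunable work factor that made stored credentials expensive to crack offline. If the reason for the swap is that bcrypt's native module cannot run in the browser, the Web Crypto API (`crypto.subtle` with PBKDF2, available in modern browsers and in Node) covers that case without adding a dependency at all. Whichever route is taken, the commit description should say how records already stored in bcrypt format are handled, since nothing in this diff migrates them.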
83 changes: 36 additions & 47 deletions src/services/account.service.ts
@@ -1,10 +1,9 @@
import type Account from '@/models/Account'
import airtableBase from './airtable.service'
import bcrypt from 'bcrypt'
import { sha256 } from 'js-sha256'

const TABLE_NAME = 'Account'
const ACTIVE_VIEW = 'Grid view'
const SALT_ROUNDS = 10 // Number of salt rounds for bcrypt

class AccountService {
/**
Expand All @@ -25,7 +24,7 @@ class AccountService {
accounts.push({
id: record.id,
name: record.get('Name') as string,
email: record.get('E-Mmail') as string,
email: record.get('E-Mail') as string,
password: record.get('Password') as string,
// Add other fields as needed
})
Expand All @@ -51,47 +50,42 @@ class AccountService {
*/
async createAccount(account: Account): Promise<Account | null> {
return new Promise((resolve, reject) => {
// Hash the password before storing
bcrypt.hash(account.password, SALT_ROUNDS, (err: Error | null, hashedPassword: string) => {
if (err) {
reject(err)
return
}
// Use SHA-256 for client-side hashing
const hashedPassword = sha256(account.password)

airtableBase(TABLE_NAME).create(
[
{
fields: {
'Name': account.name,
'E-Mail': account.email,
'Password': hashedPassword, // Store hashed password
// Add other fields as needed
}
}
],
(err, records) => {
if (err) {
console.error(err)
reject(err)
return
airtableBase(TABLE_NAME).create(
[
{
fields: {
'Name': account.name,
'E-Mail': account.email,
'Password': hashedPassword, // Store hashed password
// Add other fields as needed
}
}
],
(err, records) => {
if (err) {
console.error(err)
reject(err)
return
}

if (records && records.length > 0) {
const createdRecord = records[0]
const createdAccount: Account = {
id: createdRecord.id,
name: createdRecord.get('Name') as string,
email: createdRecord.get('E-Mail') as string,
password: '', // Do not return the hashed password
// Add other fields as needed
}
resolve(createdAccount)
} else {
resolve(null)
if (records && records.length > 0) {
const createdRecord = records[0]
const createdAccount: Account = {
id: createdRecord.id,
name: createdRecord.get('Name') as string,
email: createdRecord.get('E-Mail') as string,
password: '', // Do not return the hashed password
// Add other fields as needed
}
resolve(createdAccount)
} else {
resolve(null)
}
)
})
}
)
})
}

Expand Down Expand Up @@ -154,15 +148,10 @@ class AccountService {
}

const storedPassword = records[0].get('Password') as string
const hashedInputPassword = sha256(password)

// Compare provided password with stored hash
bcrypt.compare(password, storedPassword, (err: Error | null, result: boolean) => {
if (err) {
reject(err)
} else {
resolve(result)
}
})
// Compare hashed passwords
resolve(hashedInputPassword === storedPassword)

fetchNextPage()
},
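Review bot: The check `resolve(hashedInputPassword === storedPassword)` now compares a bare `sha256(password)` against the stored value, and `createAccount` stores the same unsalted digest, so every account holds a fast, salt-free hash: identical passwords yield identical records and a leaked table can be attacked with precomputed or GPU-speed guessing, which is exactly what the removed bcrypt call protected against. Any account created before this commit still holds a bcrypt string, which can never equal a hex digest, so those users will fail verification unless a migration exists outside this diff. If the constraint is that this code runs in the browser, PBKDF2 through `crypto.subtle.deriveBits` with a random per-account salt (stored in a new field next to the hash) and a high iteration count restores a salt and a work factor with no new dependency; a digest that the client both computes and compares is also only as secret as the Airtable table it is read from, so this should not be treated as the authoritative login check. The enclosing verification method starts and ends outside the hunk.
```typescript
// Derive a PBKDF2-SHA-256 hash; `salt` is random per account and must be stored alongside the hex result.
async function hashPassword(password: string, salt: Uint8Array, iterations = 600_000): Promise<string> {
  const key = await crypto.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveBits'])
  const bits = await crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations }, key, 256)
  return Array.from(new Uint8Array(bits), (b) => b.toString(16).padStart(2, '0')).join('')
}
// … unchanged: Airtable lookup; then compare `await hashPassword(password, storedSalt)` with the stored hash …
```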
