chore: move password related functions from AuthService to utils file

As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>

src/utils/password.ts

@@ -0,0 +1,30 @@
+/*
+ * SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import { compare, hash } from 'bcrypt';
+
+export async function hashPassword(cleartext: string): Promise<string> {
+  // hash the password with bcrypt and 2^12 iterations
+  // this was decided on the basis of https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt
+  return await hash(cleartext, 12);
+}
+
+export async function checkPassword(
+  cleartext: string,
+  password: string,
+): Promise<boolean> {
+  return await compare(cleartext, password);
+}
+
+export function bufferToBase64Url(text: Buffer): string {
+  // This is necessary as the is no base64url encoding in the toString method
+  // but as can be seen on https://tools.ietf.org/html/rfc4648#page-7
+  // base64url is quite easy buildable from base64
+  return text
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '');
+}