mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-17 16:44:49 -04:00
30 lines
981 B
TypeScript
30 lines
981 B
TypeScript
/*
|
|
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
|
*
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
import { compare, hash } from 'bcrypt';
|
|
|
|
export async function hashPassword(cleartext: string): Promise<string> {
|
|
// hash the password with bcrypt and 2^12 iterations
|
|
// this was decided on the basis of https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt
|
|
return await hash(cleartext, 12);
|
|
}
|
|
|
|
export async function checkPassword(
|
|
cleartext: string,
|
|
password: string,
|
|
): Promise<boolean> {
|
|
return await compare(cleartext, password);
|
|
}
|
|
|
|
export function bufferToBase64Url(text: Buffer): string {
|
|
// This is necessary as the is no base64url encoding in the toString method
|
|
// but as can be seen on https://tools.ietf.org/html/rfc4648#page-7
|
|
// base64url is quite easy buildable from base64
|
|
return text
|
|
.toString('base64')
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
.replace(/=+$/, '');
|
|
}
|