mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-25 04:24:43 -04:00
547f2239cc
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions. Signed-off-by: Philip Molares <philip.molares@udo.edu>
30 lines
981 B
TypeScript
30 lines
981 B
TypeScript
/*
|
|
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
|
*
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
import { compare, hash } from 'bcrypt';
|
|
|
|
export async function hashPassword(cleartext: string): Promise<string> {
|
|
// hash the password with bcrypt and 2^12 iterations
|
|
// this was decided on the basis of https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt
|
|
return await hash(cleartext, 12);
|
|
}
|
|
|
|
export async function checkPassword(
|
|
cleartext: string,
|
|
password: string,
|
|
): Promise<boolean> {
|
|
return await compare(cleartext, password);
|
|
}
|
|
|
|
export function bufferToBase64Url(text: Buffer): string {
|
|
// This is necessary as the is no base64url encoding in the toString method
|
|
// but as can be seen on https://tools.ietf.org/html/rfc4648#page-7
|
|
// base64url is quite easy buildable from base64
|
|
return text
|
|
.toString('base64')
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
.replace(/=+$/, '');
|
|
}
|