From 75f809051c681f756dcc8c0a3b83d29c3b9b6aee Mon Sep 17 00:00:00 2001
From: Wroclaw
Date: Wed, 14 Jun 2023 11:31:31 +0200
Subject: [PATCH] refactor out password hashing in login.post.ts this will be used to create the first user account in an empty database
---
 server/api/login.post.ts | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/server/api/login.post.ts b/server/api/login.post.ts
index b011aaf..f603761 100644
--- a/server/api/login.post.ts
+++ b/server/api/login.post.ts
@@ -6,6 +6,12 @@ import { isString } from "../utils/isString";
 import { cookieSettings } from "../utils/rootUtils";
 import Snowflake from "~/utils/snowflake";
+export function getPasswordHash(password: string) {
+ return crypto.createHmac("sha512", "42")
+ .update(password)
+ .digest();
+}
+
 export default defineEventHandler(async (e) => {
 if (getCookie(e, "token")) throw createError({ statusCode: 501, message: "Case not implemented: logging in while cookie is set" });
@@ -18,12 +24,10 @@ export default defineEventHandler(async (e) => {
 if (!isString(login)) throw createError({ statusCode: 400, message: "Login is not string." });
 if (!isString(password)) throw createError({ statusCode: 400, message: "Password is not string." });
- const hashedPassword = crypto.createHmac("sha512", "42")
- .update(password)
- .digest("hex");
+ const hashedPassword = getPasswordHash(password);
 const [account] = await database.query(
- "SELECT CONVERT(`id`, CHAR(32)) AS `id` from `users` WHERE `username` = ? AND LOWER(HEX(`password`)) = ? LIMIT 1",
+ "SELECT CONVERT(`id`, CHAR(32)) AS `id` from `users` WHERE `username` = ? AND `password` = ? LIMIT 1",
 [login, hashedPassword],
 )as unknown as data<{id: string}>;
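Review bot: In the first hunk, `getPasswordHash` keeps `crypto.createHmac("sha512", "42")` and exports it, so one fast SHA-512 pass under a constant key written in source becomes the stored format for every account, including the first-user path the description mentions. A constant key is not a salt: equal passwords give equal digests, and a leaked `users` table can be guessed against cheaply offline. A per-user random salt with a memory-hard KDF from the same `crypto` module would address both, with the salt stored next to the hash; the lookup in the second hunk would then select the row by `username` and compare in the handler rather than matching the hash in `WHERE`. Existing rows would need a rehash at next login, and the `crypto` import is outside the hunk.

```typescript
const PASSWORD_KEY_LENGTH = 64;

export function getPasswordHash(password: string, salt: Buffer): Buffer {
	// scrypt at Node's default cost; salt is per-user random bytes (crypto.randomBytes) stored beside the hash
	return crypto.scryptSync(password, salt, PASSWORD_KEY_LENGTH);
}

export function verifyPassword(password: string, salt: Buffer, stored: Buffer): boolean {
	const candidate = getPasswordHash(password, salt);
	// timingSafeEqual throws on unequal lengths, so reject those first
	return candidate.length === stored.length && crypto.timingSafeEqual(candidate, stored);
}

// … unchanged: defineEventHandler body …
```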
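Review bot: In the second hunk, `hashedPassword` silently changes from a hex string to a `Buffer`, and the query now compares it with the raw `password` column, but nothing at the call site says so because `getPasswordHash` declares no return type. A later edit that puts `.digest("hex")` back, or a `database.query` wrapper that stringifies its parameters, would make every login fail, probably without a type error. I would add a comment above the query such as `// hashedPassword is the raw digest (Buffer); users.password is compared byte-for-byte` and declare the helper's return type as `Buffer`. The handler's body starts and ends outside the hunk.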