forked from Wroclaw/WorkshopTasker
refactor out password hashing in login.post.ts
this will be used to create the first user account in an empty database
This commit is contained in:
parent
bbe0c91d7e
commit
75f809051c
1 changed files with 8 additions and 4 deletions
|
@ -6,6 +6,12 @@ import { isString } from "../utils/isString";
|
||||||
import { cookieSettings } from "../utils/rootUtils";
|
import { cookieSettings } from "../utils/rootUtils";
|
||||||
import Snowflake from "~/utils/snowflake";
|
import Snowflake from "~/utils/snowflake";
|
||||||
|
|
||||||
|
export function getPasswordHash(password: string) {
|
||||||
|
return crypto.createHmac("sha512", "42")
|
||||||
|
.update(password)
|
||||||
|
.digest();
|
||||||
|
}
|
||||||
|
|
||||||
export default defineEventHandler(async (e) => {
|
export default defineEventHandler(async (e) => {
|
||||||
if (getCookie(e, "token"))
|
if (getCookie(e, "token"))
|
||||||
throw createError({ statusCode: 501, message: "Case not implemented: logging in while cookie is set" });
|
throw createError({ statusCode: 501, message: "Case not implemented: logging in while cookie is set" });
|
||||||
|
@ -18,12 +24,10 @@ export default defineEventHandler(async (e) => {
|
||||||
if (!isString(login)) throw createError({ statusCode: 400, message: "Login is not string." });
|
if (!isString(login)) throw createError({ statusCode: 400, message: "Login is not string." });
|
||||||
if (!isString(password)) throw createError({ statusCode: 400, message: "Password is not string." });
|
if (!isString(password)) throw createError({ statusCode: 400, message: "Password is not string." });
|
||||||
|
|
||||||
const hashedPassword = crypto.createHmac("sha512", "42")
|
const hashedPassword = getPasswordHash(password);
|
||||||
.update(password)
|
|
||||||
.digest("hex");
|
|
||||||
|
|
||||||
const [account] = await database.query(
|
const [account] = await database.query(
|
||||||
"SELECT CONVERT(`id`, CHAR(32)) AS `id` from `users` WHERE `username` = ? AND LOWER(HEX(`password`)) = ? LIMIT 1",
|
"SELECT CONVERT(`id`, CHAR(32)) AS `id` from `users` WHERE `username` = ? AND `password` = ? LIMIT 1",
|
||||||
[login, hashedPassword],
|
[login, hashedPassword],
|
||||||
)as unknown as data<{id: string}>;
|
)as unknown as data<{id: string}>;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue