Attempted adding of 'Salting' for the password, a method which adds random numbers or letters to make rainbowtable password cracking impossible, not tested yet
This commit is contained in:
Esad Mustafoski
@@ -1,18 +1,16 @@
|
||||
/// <reference lib="deno.ns" />
|
||||
|
||||
/**
|
||||
/**
|
||||
* @author Esad Mustafoski
|
||||
* @file api/helpers.ts
|
||||
* @description Helper functions for the API
|
||||
*
|
||||
*/
|
||||
import { Context } from "https://deno.land/x/oak/mod.ts";
|
||||
import { encodeHex } from "jsr:@std/encoding/hex";
|
||||
// import { hash } from "node:crypto";
|
||||
|
||||
export type ApiResponse = {
|
||||
status: number;
|
||||
body: unknown;
|
||||
status: number;
|
||||
body: unknown;
|
||||
};
|
||||
|
||||
// --- Helper Functions --- //
|
||||
@@ -22,9 +20,9 @@ export type ApiResponse = {
|
||||
* Status is the HTTP Status code
|
||||
* Body is the response body/message/data.
|
||||
*/
|
||||
const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => {
|
||||
ctx.response.status = status;
|
||||
ctx.response.body = body as any;
|
||||
const sendResponse = (ctx: Context, { status, body }: ApiResponse): void => {
|
||||
ctx.response.status = status;
|
||||
ctx.response.body = body as any;
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -32,24 +30,41 @@ const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => {
|
||||
* @see sendResponse
|
||||
*/
|
||||
const errorResponse = (ctx: Context, status: number, message: string): void => {
|
||||
sendResponse(ctx, { status, body: { error: message } });
|
||||
sendResponse(ctx, { status, body: { error: message } });
|
||||
};
|
||||
|
||||
/**
|
||||
* @description Hashing Function for Passwords/etc
|
||||
* @param password The password to hash
|
||||
/**
|
||||
* @description password "Salter", used to salt the passwords before the hash, this salt will be
|
||||
* returned seperately to save the salt in the DB
|
||||
* @param password The password to salt
|
||||
* @returns {saltedPassword: string, salt: string} Password with the salt + Salt seperately, both strings
|
||||
*/
|
||||
const hashPassword = async(password: string): Promise<string> => {
|
||||
const to_hash = password;
|
||||
const buffer = new TextEncoder().encode(to_hash);
|
||||
const hash_buffer = await crypto.subtle.digest("SHA-256", buffer);
|
||||
const hash = await encodeHex(hash_buffer);
|
||||
|
||||
return hash;
|
||||
}
|
||||
const saltPassword = async (
|
||||
password: string,
|
||||
): Promise<{ saltedPassword: string; salt: string }> => {
|
||||
const saltBytes = new Uint8Array(16); // 16 bytes = 128 bits for randomness
|
||||
await crypto.getRandomValues(saltBytes);
|
||||
const salt = encodeHex(saltBytes);
|
||||
|
||||
export {
|
||||
sendResponse,
|
||||
errorResponse,
|
||||
hashPassword
|
||||
const saltedPassword = `${password}${salt}`;
|
||||
|
||||
return {
|
||||
saltedPassword,
|
||||
salt,
|
||||
};
|
||||
};
|
||||
|
||||
/**
|
||||
* @description Hashing Function for Passwords/etc
|
||||
* @param password The password to hash
|
||||
* @returns {hash: string} The hashed password as a string
|
||||
*/
|
||||
const hashPassword = async (password: string): Promise<string> => {
|
||||
const to_hash = password;
|
||||
const buffer = new TextEncoder().encode(to_hash);
|
||||
const hash_buffer = await crypto.subtle.digest("SHA-256", buffer);
|
||||
const hash = await encodeHex(hash_buffer);
|
||||
return hash;
|
||||
};
|
||||
|
||||
export { errorResponse, hashPassword, saltPassword, sendResponse };
|
||||
|
||||
Reference in New Issue
Block a user