Attempted adding of 'Salting' for the password, a method which adds random numbers or letters to make rainbowtable password cracking impossible, not tested yet

2025-02-02 12:33:47 +01:00
parent 3c6fdd0b59
commit 4c80caa52a
4 changed files with 399 additions and 311 deletions
--- a/api/helpers.ts
+++ b/api/helpers.ts
@@ -1,18 +1,16 @@
 /// <reference lib="deno.ns" />
 /**
 * @author Esad Mustafoski
 * @file api/helpers.ts
 * @description Helper functions for the API
 * 
 */
 import { Context } from "https://deno.land/x/oak/mod.ts";
 import { encodeHex } from "jsr:@std/encoding/hex";
 // import { hash } from "node:crypto";
 export type ApiResponse = {
-    status: number;
+  status: number;
-    body: unknown;
+  body: unknown;
 };
 // --- Helper Functions --- //
@@ -22,9 +20,9 @@ export type ApiResponse = {
 * Status is the HTTP Status code
 * Body is the response body/message/data.
 */
-const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => {
+const sendResponse = (ctx: Context, { status, body }: ApiResponse): void => {
-    ctx.response.status = status;
+  ctx.response.status = status;
-    ctx.response.body = body as any;
+  ctx.response.body = body as any;
 };
 /**
@@ -32,24 +30,41 @@ const sendResponse = (ctx: Context, {status, body}: ApiResponse): void => {
 * @see sendResponse
 */
 const errorResponse = (ctx: Context, status: number, message: string): void => {
-    sendResponse(ctx, { status, body: { error: message } });
+  sendResponse(ctx, { status, body: { error: message } });
 };
 /**
 * @description password "Salter", used to salt the passwords before the hash, this salt will be
 * returned seperately to save the salt in the DB
 * @param password The password to salt
 * @returns {saltedPassword: string, salt: string} Password with the salt + Salt seperately, both strings
 */
 const saltPassword = async (
  password: string,
 ): Promise<{ saltedPassword: string; salt: string }> => {
  const saltBytes = new Uint8Array(16); // 16 bytes = 128 bits for randomness
  await crypto.getRandomValues(saltBytes);
  const salt = encodeHex(saltBytes);
  const saltedPassword = `${password}${salt}`;
  return {
    saltedPassword,
    salt,
  };
 };
 /**
 * @description Hashing Function for Passwords/etc
 * @param password The password to hash
 * @returns {hash: string} The hashed password as a string
 */
-const hashPassword = async(password: string): Promise<string> => {
+const hashPassword = async (password: string): Promise<string> => {
-    const to_hash = password;
+  const to_hash = password;
-    const buffer = new TextEncoder().encode(to_hash);
+  const buffer = new TextEncoder().encode(to_hash);
-    const hash_buffer = await crypto.subtle.digest("SHA-256", buffer);
+  const hash_buffer = await crypto.subtle.digest("SHA-256", buffer);
-    const hash = await encodeHex(hash_buffer);
+  const hash = await encodeHex(hash_buffer);
-    
+  return hash;
    return hash;
 }
 export {
    sendResponse,
    errorResponse,
    hashPassword
 };
 export { errorResponse, hashPassword, saltPassword, sendResponse };
--- a/api/main.ts
+++ b/api/main.ts
@@ -1,11 +1,16 @@
 /// <reference lib="deno.ns" />
 /**
 * @author Esad Mustafoski
- * Main API file, Handles all the routing/api stuff
+ * @ðescription Main API file, Handles all the routing/api stuff
 */
 // +++ IMPORTS ------------------------------------------------------ //
-import { Application, Router, Context, Next } from "https://deno.land/x/oak/mod.ts";
+import {
  Application,
  Context,
  Next,
  Router,
 } from "https://deno.land/x/oak/mod.ts";
 import { oakCors } from "https://deno.land/x/cors/mod.ts";
 import * as db_utils from "../database/utils.ts";
 import * as helper_utils from "./helpers.ts";
@@ -14,11 +19,11 @@ import * as helper_utils from "./helpers.ts";
 const router = new Router();
 const app = new Application();
-// For the future
+// unused for now
 type ApiResponse = {
-    status: number;
+  status: number;
-    body: unknown;
+  body: unknown;
-  }
+};
 // +++ ROUTER ------------------------------------------------------- //
 // Creates the routes for the API server.
@@ -27,13 +32,17 @@ type ApiResponse = {
 // Docs Routes
 router
-  .get("/", (ctx) => { ctx.response.body = "For endpoints, use /api/{name}"; })
+  .get("/", (ctx) => {
-  .get("/api", (ctx) => { ctx.response.body = "For API Documentation, visit /docs"; })
+    ctx.response.body = "For endpoints, use /api/{name}";
  })
  .get("/api", (ctx) => {
    ctx.response.body = "For API Documentation, visit /docs";
  });
-// Account routes
+// -- Account routes --
 router
-  .post("/api/account/login", api_login) // TODO 
+  .post("/api/account/login", api_login)
-  .post("/api/account/register", api_register) // TODO
+  .post("/api/account/register", api_register)
  .post("/api/account/logout", () => {}) // TODO
  .post("/api/account/password/forgot", () => {}) // TODO
  .post("/api/account/password/reset", () => {}) // TODO
@@ -41,177 +50,196 @@ router
  .post("/api/account/email/change-email", () => {}) // TODO
  .post("/api/account/email/verify-email", () => {}) // TODO
  .post("/api/account/delete-account", () => {}) // TODO
-  .post("/api/account/block", () => {}) // TODO
+  .post("/api/account/block", () => {}); // TODO
-// Auth Routes
+// -- Auth Routes --
 router
  .get("/api/auth", () => {}) // TODO
  .get("/api/auth/verify", () => {}) // TODO
-  .get("/api/auth/refresh", () => {}) // TODO
+  .get("/api/auth/refresh", () => {}); // TODO
-// User routes
+// -- User routes --
 router
  .get("/api/users", api_getAllUsers)
-  .get("/api/user/:id/info", api_user_getInfo); // @error GEHT NICHT
+  .get("/api/user/:id/info", api_user_getInfo);
-// Post routes  
+// -- Post routes --
 router
  .get("/api/posts", api_posts_getAll);
 // +++ FUNCTIONS ----------------------------------------------------- //
 /**
 * @description Stands between the client and the API
 * It checks if the client is authorized to access the API with a token/Multiple tokens
 * Currently not implemented
 * Middleware
 */
 async function authenticator(ctx: Context, next: Next): Promise<void> {
-    const authHeader = ctx.request.headers.get('Authorization');
+  const authHeader = ctx.request.headers.get("Authorization");
-    if (!authHeader) {
+  if (!authHeader) {
-        ctx.response.status = 401;
+    ctx.response.status = 401;
-        ctx.response.body = { error: "No header" };
+    ctx.response.body = { error: "No header" };
-        return;
+    return;
-    }
+  }
-    const match = authHeader.match(/^Bearer (.+)$/);
+  const match = authHeader.match(/^Bearer (.+)$/);
-    if (!match) {
+  if (!match) {
-        ctx.response.status = 401;
+    ctx.response.status = 401;
-        ctx.response.body = { error: "Invalid format" };
+    ctx.response.body = { error: "Invalid format" };
-        return;
+    return;
-    }
+  }
-    const token = match[1];
+  const token = match[1];
-    try {
+  try {
-        // Token  logic missing, not tried or attempted yet.
+    // Token logic missing, not tried or attempted yet.
-        await next();
+    await next();
-    } catch (error) {
+  } catch (error) {
-        ctx.response.status = 401;
+    ctx.response.status = 401;
-        ctx.response.body = { error: "Invalid token" };
+    ctx.response.body = { error: "Invalid token" };
-    }
+  }
 }
-async function tokenChecker(ctx: Context, next: Next): Promise<void>  {
+async function tokenChecker(ctx: Context, next: Next): Promise<void> {
-    // logic below (TODO):
+  // logic below (TODO):
-    /** 
+  /**
-     * 1. check if the token is valid
+   * 1. check if the token is valid
-     * 2. if valid, set the user in the context
+   * 2. if valid, set the user in the context
-     * 3. if not valid, return 401
+   * 3. if not valid, return 401
-     * 4. if token is missing, return 401
+   * 4. if: token missing, expired, blacklisted, !DB, !user or !correct user, return 401 with associated error
-     * 5. if token is expired, return 401
+   * eg: wrong user: 401 -> "Token not associated with this user"
-     * 6. if token is blacklisted, return 401
+   */
     * 7. if token is not in the database, return 401
     * 8. if token is not associated with a user, return 401
     * 9. if token is not associated with the correct user, return 401
     */
 }
 async function api_getAllUsers(ctx: Context): Promise<void> {
-    const getUsers = await db_utils.getAllUsersFromDB();
+  const getUsers = await db_utils.getAllUsersFromDB();
-    ctx.response.body = getUsers;
+  ctx.response.body = getUsers;
 }
 // Users
 async function api_user_getInfo(ctx: any): Promise<void> {
-    const id = ctx.params.id;
+  const id = ctx.params.id;
-    if (!id) {
+  if (!id) {
-        ctx.response.status = 400; // Bad Request status
+    ctx.response.status = 400;
-        ctx.response.body = { error: "User ID required" };
+    ctx.response.body = { error: "User ID required" };
-        return;
+    return;
  }
  try {
    const user = await db_utils.getAllUserInfoByID(id);
    if (user === null || user === undefined) {
      helper_utils.errorResponse(ctx, 404, "User not found");
      return;
    }
-    try {
+    ctx.response.body = user;
-        const user = await db_utils.getAllUserInfoByID(id);
+  } catch (error) {
-        if (user === null || user === undefined) {
+    helper_utils.errorResponse(ctx, 500, error as string);
-            helper_utils.errorResponse(ctx, 404, "User not found");
+  }
            return;
        }
        ctx.response.body = user;
    } catch (error) {
        helper_utils.errorResponse(ctx, 500, "Internal Server Error");
    }
 }
 // Posts
 async function api_posts_getAll(ctx: Context): Promise<void> {
-    const posts = await db_utils.getPostsFromDB();
+  const posts = await db_utils.getPostsFromDB();
-    ctx.response.body = posts;
+  ctx.response.body = posts;
 }
-// Comments
+// Comments (missing)
 // login/register
 async function api_register(ctx: Context): Promise<void> {
-    try {
+  try {
-        const body = ctx.request.body;
+    const body = ctx.request.body;
-        const result = await body.json();
+    const result = await body.json();
-        const { username, password, userGroup, displayname, user_email, firstname, surname} = result;
+    const {
-        const account_created = `${Math.floor(Date.now() / 1000)}-${new Date().toLocaleDateString('en-GB').split('/').join('-')}`;
+      username,
      password,
      userGroup,
      displayname,
      user_email,
      firstname,
      surname,
    } = result;
    const account_created = `${Math.floor(Date.now() / 1000)}-${
      new Date().toLocaleDateString("en-GB").split("/").join("-")
    }`;
-
+    if (
-        if ( !username || !password || !userGroup || !displayname || !user_email || !firstname || !surname) {
+      !username || !password || !userGroup || !displayname || !user_email ||
-            helper_utils.errorResponse(ctx, 400, "Missing required fields");
+      !firstname || !surname
-            return;
+    ) {
-        }
+      helper_utils.errorResponse(ctx, 400, "Missing required fields");
-
+      return;
        const hash = await helper_utils.hashPassword(password);
        const userId = await db_utils.registerUser(username, hash, userGroup, displayname, user_email, firstname, surname, account_created);
        helper_utils.sendResponse(ctx, { status: 200, body: `Registered under name: ${userId}` });
    } catch (error) {
        console.log(error);
        helper_utils.errorResponse(ctx, 500, "Invalid request");
        return;
    }
    // First salt the password
    const { saltedPassword, salt } = await helper_utils.saltPassword(password);
    // Then hash the salted password
    const hash = await helper_utils.hashPassword(saltedPassword);
    const userId = await db_utils.registerUser(
      username,
      hash,
      salt,
      userGroup,
      displayname,
      user_email,
      firstname,
      surname,
      account_created,
    );
    helper_utils.sendResponse(ctx, {
      status: 200,
      body: `Registered under name: ${userId}`,
    });
  } catch (error) {
    console.log(error);
    helper_utils.errorResponse(ctx, 500, "Invalid request");
    return;
  }
 }
 async function api_login(ctx: Context): Promise<string> {
-    try {
+  try {
-        const body = ctx.request.body;
+    const body = ctx.request.body;
-        const result = await body.json();
+    const result = await body.json();
-        const { username, password } = result;
+    const { username, password } = result;
-        if (!username || !password) {
+    if (!username || !password) {
-            helper_utils.errorResponse(ctx, 400, "Missing required fields");
+      helper_utils.errorResponse(ctx, 400, "Missing required fields");
-            return "Error";
+      return "Error";
-        }
+    }
-        const user = await db_utils.getUserByUsername(username);
+    const user = await db_utils.getUserByUsername(username);
-        if (!user) {
+    if (!user) {
-            helper_utils.errorResponse(ctx, 404, "User not found");
+      helper_utils.errorResponse(ctx, 404, "User not found");
-            return "Error";
+      return "Error";
-        }
+    }
-        const hash = await helper_utils.hashPassword(password);
+    // Get the stored salt for this user
-        if (user.password !== hash) {
+    const storedSalt = user.password_salt;
-            helper_utils.errorResponse(ctx, 401, "Invalid password");
+    // Salt the provided password with the stored salt
-            return "Error";
+    const saltedPassword = `${password}${storedSalt}`;
-        }
+    // Hash the salted password
    const hash = await helper_utils.hashPassword(saltedPassword);
-
+    // Compare with stored hash
-    } catch (error) {
+    if (user.password !== hash) {
-        console.log(error);
+      helper_utils.errorResponse(ctx, 401, "Invalid password");
-        helper_utils.errorResponse(ctx, 500, "Invalid request");
+      return "Error";
        return "Error";
    }
    helper_utils.sendResponse(ctx, { status: 200, body: "Success" });
    return "Success";
  } catch (error) {
    console.log(error);
    helper_utils.errorResponse(ctx, 500, "Invalid request");
    return "Error";
  }
 }
 // Filtering
 // +++ APP ---------------------------------------------------------- //
 app.use(oakCors({
-    origin: '*',
+  origin: "*",
-    credentials: true,
+  credentials: true,
 }));
 app.use(router.routes());
 app.use(router.allowedMethods());
--- a/database/create_db.ts
+++ b/database/create_db.ts
@@ -15,7 +15,7 @@ const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
 const db = new DB(dbPath);
 export function createDatabase(): void {
-    db.execute(`
+  db.execute(`
        CREATE TABLE IF NOT EXISTS accounts (
            uuid INTEGER PRIMARY KEY AUTOINCREMENT,
            user_group TEXT,
@@ -24,6 +24,7 @@ export function createDatabase(): void {
            user_username TEXT,
            user_e-mail TEXT,
            password TEXT,
            password_salt TEXT,
            firstname TEXT,
            surname TEXT,
            account_created TEXT,
@@ -50,28 +51,34 @@ export function createDatabase(): void {
            likes INTEGER
        )
    `);
-};
+}
 // Sample data generated using AI, does not work yet and will be adjusted
 export function insertSampleData(): void {
-    db.query(`INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, firstname, surname, account_created, followers, following, contacts) VALUES
+  db.query(
-        ('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'),
+    `INSERT INTO accounts (user_group, user_bio, user_displayname, user_username, user_email, password, password_salt, firstname, surname, account_created, followers, following, contacts) VALUES
-        ('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'),
+        ('admin', 'Admin bio', 'Admin User', 'admin', 'admin@example.com', 'hashedpass1', 'salt1', 'Admin', 'User', '2024-01-01', '[]', '[]', '[]', '[]'),
-        ('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]')
+        ('user', 'I love coding!', 'John Dev', 'johndev', 'john@example.com', 'hashedpass2', 'salt2', 'John', 'Smith', '2024-01-02', '[]', '[3,4]', '[1,2]', '[]'),
-    `);
+        ('user', 'Photography enthusiast', 'Alice', 'alice_photo', 'alice@example.com', 'hashedpass3', 'salt3', 'Alice', 'Johnson', '2024-01-03', '[5]', '[1]', '[2]', '[]')
    `,
  );
-    db.query(`INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES
+  db.query(
    `INSERT INTO posts (user_id, created_at, post_text, likes, comments) VALUES
        (1, '2024-01-15 10:00:00', 'First post about programming!', 5, 2),
        (1, '2024-01-15 11:30:00', 'Check out this new feature', 10, 3),
        (2, '2024-01-16 09:15:00', 'Just learned about TypeScript', 8, 1),
        (3, '2024-01-16 14:20:00', 'Posted my new photo collection', 15, 4)
-    `);
+    `,
  );
-    db.query(`INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES
+  db.query(
    `INSERT INTO comments (post_id, author_user_id, date_created_at, text, likes) VALUES
        (1, 2, '2024-01-15 10:05:00', 'Great post!', 3),
        (1, 3, '2024-01-15 10:10:00', 'Very informative', 2),
        (2, 3, '2024-01-15 11:35:00', 'Nice feature', 4),
        (3, 1, '2024-01-16 09:20:00', 'TypeScript is awesome', 5),
        (4, 2, '2024-01-16 14:25:00', 'Beautiful photos!', 6)
-    `);
+    `,
-};
+  );
 }
--- a/database/utils.ts
+++ b/database/utils.ts
@@ -11,10 +11,9 @@ import { dirname, fromFileUrl, join } from "https://deno.land/std/path/mod.ts";
 import * as db_create from "./create_db.ts";
 // +++ VARIABLES ---------------------------------------------------- //
-// __dirname Is never getting used again, It's only needed because the DB Import
+// _dirname Is never getting used again, It's only needed because the DB Import
 // from SQLite doesn't like relative paths, so I use this as
 // A Workaround
 const _dirname: string = dirname(fromFileUrl(import.meta.url));
 const dbPath: string = join(_dirname, "../database/esp-projekt.sqlite");
 const db = new DB(dbPath);
@@ -22,119 +21,126 @@ const db = new DB(dbPath);
 // +++ INTERFACES --------------------------------------------------- //
 // Used in the Functions to define the return type/Avoid type errors
 interface Post {
-    posts_uuid: number;
+  posts_uuid: number;
-    user_id: number;
+  user_id: number;
-    created_at: string;
+  created_at: string;
-    post_text: string;
+  post_text: string;
-    likes: number;
+  likes: number;
-    comments: number;
+  comments: number;
 }
 interface Accounts {
-    user_id: number;
+  user_id: number;
-    user_group: string;
+  user_group: string;
-    bio: string;
+  bio: string;
-    displayname: string;
+  displayname: string;
-    username: string;
+  username: string;
-    user_email: string;
+  user_email: string;
-    password: string;
+  password: string;
-    firstname: string;
+  password_salt: string;
-    surname: string;
+  firstname: string;
-    account_created: string;
+  surname: string;
-    blocked_users: string;
+  account_created: string;
-    followers: string;
+  blocked_users: string;
-    following: string;
+  followers: string;
-    contacts: string;
+  following: string;
  contacts: string;
 }
 interface Comments {
-    comment_id: number;
+  comment_id: number;
-    post_id: number;
+  post_id: number;
-    author_user_id: number;
+  author_user_id: number;
-    date_created_at: string;
+  date_created_at: string;
-    text: string;
+  text: string;
-    likes: number;
+  likes: number;
 }
 // +++ Helper ------------------------------------------------------ //
 function mapPostRow(row: Row): Post {
-    const [posts_uuid, user_id, created_at, post_text, likes, comments] = row;
+  const [posts_uuid, user_id, created_at, post_text, likes, comments] = row;
-    return {
+  return {
-        posts_uuid: Number(posts_uuid),
+    posts_uuid: Number(posts_uuid),
-        user_id: Number(user_id),
+    user_id: Number(user_id),
-        created_at: String(created_at),
+    created_at: String(created_at),
-        post_text: String(post_text),
+    post_text: String(post_text),
-        likes: Number(likes),
+    likes: Number(likes),
-        comments: Number(comments),
+    comments: Number(comments),
-    };
+  };
 }
 function mapAccountRow(row: Row): Accounts {
-    const [
+  const [
-        user_id,
+    user_id,
-        user_group,
+    user_group,
-        bio,
+    bio,
-        displayname,
+    displayname,
-        username,
+    username,
-        user_email,
+    user_email,
-        password,
+    password,
-        firstname,
+    password_salt,
-        surname,
+    firstname,
-        account_created,
+    surname,
-        blocked_users,
+    account_created,
-        followers,
+    blocked_users,
-        following,
+    followers,
-        contacts,
+    following,
-    ] = row;
+    contacts,
-    return {
+  ] = row;
-        user_id: Number(user_id),
+  return {
-        user_group: String(user_group),
+    user_id: Number(user_id),
-        bio: String(bio),
+    user_group: String(user_group),
-        displayname: String(displayname),
+    bio: String(bio),
-        username: String(username),
+    displayname: String(displayname),
-        user_email: String(user_email),
+    username: String(username),
-        password: String(password),
+    user_email: String(user_email),
-        firstname: String(firstname),
+    password: String(password),
-        surname: String(surname),
+    password_salt: String(password_salt),
-        account_created: String(account_created),
+    firstname: String(firstname),
-        blocked_users: String(blocked_users),
+    surname: String(surname),
-        followers: String(followers),
+    account_created: String(account_created),
-        following: String(following),
+    blocked_users: String(blocked_users),
-        contacts: String(contacts),
+    followers: String(followers),
-    };
+    following: String(following),
    contacts: String(contacts),
  };
 }
 function mapCommentRow(row: Row): Comments {
-    const [
+  const [
-        comment_id,
+    comment_id,
-        post_id,
+    post_id,
-        author_user_id,
+    author_user_id,
-        date_created_at,
+    date_created_at,
-        text,
+    text,
-        likes,
+    likes,
-    ] = row;
+  ] = row;
-    return {
+  return {
-        comment_id: Number(comment_id),
+    comment_id: Number(comment_id),
-        post_id: Number(post_id),
+    post_id: Number(post_id),
-        author_user_id: Number(author_user_id),
+    author_user_id: Number(author_user_id),
-        date_created_at: String(date_created_at),
+    date_created_at: String(date_created_at),
-        text: String(text),
+    text: String(text),
-        likes: Number(likes),
+    likes: Number(likes),
-    };
+  };
 }
 // "T" is a generic type, it can be anything and makes the function "flexible"(?)
-async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row) => T,): Promise<T[]> {
+async function queryDatabase<T>(
-    const results: T[] = [];
+  query: string,
-    try {
+  params: any[],
-        const rows = await db.query(query, params);
+  mapRow: (row: Row) => T,
-        for (const row of rows) {
+): Promise<T[]> {
-            results.push(mapRow(row));
+  const results: T[] = [];
-        }
+  try {
-    } catch (error) {
+    const rows = await db.query(query, params);
-        console.error("Database query error:", error);
+    for (const row of rows) {
      results.push(mapRow(row));
    }
-    return results;
+  } catch (error) {
    console.error("Database query error:", error);
  }
  return results;
 }
 // +++ FUNCTIONS --------------------------------------------------- //
@@ -144,11 +150,11 @@ async function queryDatabase<T>(query: string, params: any[], mapRow: (row: Row)
 * @file ./create_db.ts
 */
 function insertSamples(): void {
-    db_create.insertSampleData();
+  db_create.insertSampleData();
 }
 function createDatabaseIfNotExist(): void {
-    db_create.createDatabase();
+  db_create.createDatabase();
 }
 /**
@@ -158,19 +164,19 @@ function createDatabaseIfNotExist(): void {
 * @returns Array of all Posts in the Database
 */
 async function getPostsFromDB(user_uuid?: string): Promise<Post[]> {
-    const query = user_uuid
+  const query = user_uuid
-      ? `SELECT * FROM posts WHERE user_id = ?`
+    ? `SELECT * FROM posts WHERE user_id = ?`
-      : `SELECT * FROM posts`;
+    : `SELECT * FROM posts`;
-    const params = user_uuid ? [user_uuid] : [];
+  const params = user_uuid ? [user_uuid] : [];
-    return await queryDatabase<Post>(query, params, mapPostRow);
+  return await queryDatabase<Post>(query, params, mapPostRow);
-  }
+}
 /**
 * @returns Array of all Users in the Database
 */
 async function getAllUsersFromDB(): Promise<Accounts[]> {
-    const query = `SELECT * FROM accounts`;
+  const query = `SELECT * FROM accounts`;
-    return await queryDatabase<Accounts>(query, [], mapAccountRow);
+  return await queryDatabase<Accounts>(query, [], mapAccountRow);
 }
 /**
@@ -178,10 +184,10 @@ async function getAllUsersFromDB(): Promise<Accounts[]> {
 * @returns Returns the Accounts for the User with the given username
 */
 async function getUserByUsername(username: string): Promise<Accounts> {
-    const query = `SELECT * FROM accounts WHERE user_username = '${username}'`;
+  const query = `SELECT * FROM accounts WHERE user_username = '${username}'`;
-    const params:string[] = [];
+  const params: string[] = [];
-    const result = await queryDatabase<Accounts>(query, params, mapAccountRow);
+  const result = await queryDatabase<Accounts>(query, params, mapAccountRow);
-    return result[0];
+  return result[0];
 }
 /**
@@ -191,11 +197,11 @@ async function getUserByUsername(username: string): Promise<Accounts> {
 * @returns Array of Comments for the Post, or an empty Array if there are no Comments
 */
 async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
-    const query = post_id
+  const query = post_id
-      ? `SELECT * FROM comments WHERE post_id = ?`
+    ? `SELECT * FROM comments WHERE post_id = ?`
-      : `SELECT * FROM comments`;
+    : `SELECT * FROM comments`;
-    const params = post_id ? [post_id] : [];
+  const params = post_id ? [post_id] : [];
-    return await queryDatabase<Comments>(query, params, mapCommentRow);
+  return await queryDatabase<Comments>(query, params, mapCommentRow);
 }
 /**
@@ -203,7 +209,7 @@ async function getCommentsFromDB(post_id?: number): Promise<Comments[]> {
 * @returns Array of Comments for the Comment, or an empty Array if there are no Comments
 */
 function getCommentsForComments(comment_id: number) {
-    // Will be rewritten to use the queryDatabase function
+  // Will be rewritten to use the queryDatabase function
 }
 /**
@@ -213,7 +219,7 @@ function getCommentsForComments(comment_id: number) {
 * Might be required for Administrating the User
 */
 async function getAllUserInfoByID(user_id: string) {
-    // Will be rewritten to use the queryDatabase function
+  // Will be rewritten to use the queryDatabase function
 }
 /**
@@ -222,47 +228,79 @@ async function getAllUserInfoByID(user_id: string) {
 */
 // Filter Functions, Not yet implemented
 function filterForImagePosts(posts_to_filter: Array<any>) {
-    return [];
+  return [];
 }
 function filterForVideoPosts(posts_to_filter: Array<any>) {
-    return [];
+  return [];
 }
 function filterForTextPosts(posts_to_filter: Array<any>) {
-    return [];
+  return [];
 }
 // Register/Login/User
 /**
- * @param user The name of the User to add
+ * @param user The username of the User to add
- * @param password The password of the User to add
+ * @param password The hashed password of the User to add
- * @returns Array of Posts from the User, or an empty Array if the User doesn't exist or has no Posts
+ * @param salt The salt used for the password
 * @returns "noUser" if user exists, "newUser" if registration successful
 */
-function registerUser (user: string, password: string, userGroup: string, displayname: string, user_email: string, firstname: string, surname: string, account_created: string): string {
+function registerUser(
-    const query_user_exists = `SELECT * FROM accounts WHERE user_username = '${user}'`;
+  user: string,
-    if (!query_user_exists) {
+  password: string,
-        return "noUser";
+  salt: string,
-    }
+  userGroup: string,
  displayname: string,
  user_email: string,
  firstname: string,
  surname: string,
  account_created: string,
 ): string {
  const query_user_exists =
    `SELECT * FROM accounts WHERE user_username = '${user}'`;
  if (!query_user_exists) {
    return "noUser";
  }
-    const query_add_user = `INSERT INTO accounts (user_username, password, user_group, user_displayname, user_email, firstname, surname, account_created) VALUES ('${user}', '${password}', '${userGroup}', '${displayname}', '${user_email}', '${firstname}', '${surname}', '${account_created}')`;
+  const query_add_user = `
-    db.query(query_add_user);
+        INSERT INTO accounts (
-    console.log(`New user: ${user}`)
+            user_username, 
            password, 
            password_salt,
            user_group, 
            user_displayname, 
            user_email, 
            firstname, 
            surname, 
            account_created
        ) VALUES (
            '${user}', 
            '${password}', 
            '${salt}',
            '${userGroup}', 
            '${displayname}', 
            '${user_email}', 
            '${firstname}', 
            '${surname}', 
            '${account_created}'
        )`;
  db.query(query_add_user);
  console.log(`New user: ${user}`);
-    return "newUser";
+  return "newUser";
 }
 // Exporting all functions as this is a module
 export {
-    registerUser,
+  createDatabaseIfNotExist,
-    createDatabaseIfNotExist,
+  getAllUserInfoByID,
-    getAllUserInfoByID,
+  getAllUsersFromDB,
-    getAllUsersFromDB,
+  getCommentsForComments,
-    getUserByUsername,
+  getCommentsFromDB,
-    getCommentsForComments,
+  getPostsFromDB,
-    getCommentsFromDB,
+  getUserByUsername,
-    getPostsFromDB,
+  insertSamples,
-    insertSamples,
+  registerUser,
 };