Commit 0e0fa5fe authored by Jan Minář's avatar Jan Minář

Merge branch 'hash-pwds' into 'master'

Hash passwords

See merge request !31
parents 3b3a9e9b 4c0cb13f
+1 −0
@@ -32,6 +32,7 @@
  "dependencies": {
    "@pcbuilder/common": "file:../common",
    "@prisma/client": "^4.14.1",
    "argon2": "^0.30.3",
    "cors": "^2.8.5",
    "dotenv": "^16.0.3",
    "express": "^4.18.2",
+2 −1
import { AccessRole, Account, schema } from '@pcbuilder/common/api';
import { pick } from '@pcbuilder/common/utils';
import argon2 from 'argon2';
import type { Request } from 'express';
import db from '../../repositories';
import { handler } from '../common';
@@ -14,7 +15,7 @@ export const login = handler({
    // Current model is that only admins have accounts.
    const account = new Account({ ...record, roles: [AccessRole.ADMIN] });

    if (record.password === data.password) {
    if (await argon2.verify(record.password, data.password)) {
      req.session.account = account;
    } else {
      throw new Unauthorized('Wrong password');
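Review bot: Accounts created before this change still hold a plaintext value in `record.password`, and the new `argon2.verify(record.password, data.password)` call receives that value as if it were an encoded hash. The visible sections re-hash the seed data but show no migration or forced reset for rows in an already populated database. Given a string that is not an Argon2 encoded hash, verify will probably reject rather than return false, which would surface as a server error instead of `Unauthorized` unless `handler` maps it. Consider rehashing or invalidating existing rows in a migration and treating a verify error as a failed login, e.g. `const ok = await argon2.verify(record.password, data.password).catch(() => false);` with the error logged. The body of `login` starts above this hunk, so the account lookup is not visible here.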
+4 −2
import { AccessRole, Account, schema } from '@pcbuilder/common/api';
import argon2 from 'argon2';
import type { Request } from 'express';
import { StatusCodes } from 'http-status-codes';
import db from '../../repositories';
@@ -8,10 +9,11 @@ export const register = handler({
  fn: async (req: Request<{}>) => {
    const data = await schema.auth.register.parseAsync(req.body);

    const hash = await argon2.hash(data.password);

    const record = await db.account.create({
      ...data,
      // FIXME: hash
      password: data.password,
      password: hash,
    });

    // Current model is that only admins have accounts.
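Review bot: `argon2.hash(data.password)` relies on the library's default variant and cost parameters, here and again in `seedAccounts` in the seed script, so the work factor is neither visible in review nor adjustable in one place. A small shared helper that passes explicit options, for example `argon2.hash(password, { type: argon2.argon2id, ...HASH_OPTIONS })` with `HASH_OPTIONS` as a project constant still to be defined, would document the choice and let login call `argon2.needsRehash` when the parameters are raised later. It is also worth confirming that `schema.auth.register` bounds the password length, since the schema is not shown in this hunk. The body of `register` continues past the end of the hunk.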
+11 −1
/* eslint-disable @typescript-eslint/dot-notation */

import { Prisma } from '@prisma/client';
import argon2 from 'argon2';
import accounts from './accounts';
import dataset from './data';
import prisma from '../repositories/client';
@@ -237,7 +238,16 @@ const seedComponents = async (tx: Prisma.TransactionClient) => {
};

const seedAccounts = async (tx: Prisma.TransactionClient) => {
  await Promise.all(accounts.map((data) => tx.account.create({ data })));
  await Promise.all(
    accounts.map(async (data) =>
      tx.account.create({
        data: {
          ...data,
          password: await argon2.hash(data.password),
        },
      })
    )
  );
};

const seed = async () => {
+484 −50

File changed.

Preview size limit exceeded, changes collapsed.