uptime-kuma/server/password-hash.js

const passwordHashOld = require("password-hash");
const bcrypt = require("bcryptjs");
const saltRounds = 10;

/**
 * Hash a password
 * @param {string} password Password to hash
 * @returns {string} Hash
 */
exports.generate = function (password) {
    return bcrypt.hashSync(password, saltRounds);
};

/**
 * Verify a password against a hash
 * @param {string} password Password to verify
 * @param {string} hash Hash to verify against
 * @returns {boolean} Does the password match the hash?
 */
exports.verify = function (password, hash) {
    if (isSHA1(hash)) {
        return passwordHashOld.verify(password, hash);
    }

    return bcrypt.compareSync(password, hash);
};

/**
 * Is the hash a SHA1 hash
 * @param {string} hash Hash to check
 * @returns {boolean} Is SHA1 hash?
 */
function isSHA1(hash) {
    return (typeof hash === "string" && hash.startsWith("sha1"));
}

/**
 * Does the hash need to be rehashed?
 * @param {string} hash Hash to check
 * @returns {boolean} Needs to be rehashed?
 */
exports.needRehash = function (hash) {
    return isSHA1(hash);
};
Autofix on save 2021-07-27 17:47:13 +00:00			`const passwordHashOld = require("password-hash");`
change bcrypt to bcryptjs, use my own prebuilt better-sqlite3, supports more prebuilt 2021-08-31 11:56:44 +00:00			`const bcrypt = require("bcryptjs");`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`const saltRounds = 10;`

Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`/**`
			`* Hash a password`
Added JSDoc to ESLint (#3529) * Added JSDoc to eslint rules Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Fixed JSDoc eslint errors Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Update the check-linters workflow to Node.js 20 --------- Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> Co-authored-by: Louis Lam <louislam@users.noreply.github.com> 2023-08-11 07:46:41 +00:00			`* @param {string} password Password to hash`
			`* @returns {string} Hash`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`*/`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`exports.generate = function (password) {`
			`return bcrypt.hashSync(password, saltRounds);`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`};`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`/**`
			`* Verify a password against a hash`
Added JSDoc to ESLint (#3529) * Added JSDoc to eslint rules Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Fixed JSDoc eslint errors Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Update the check-linters workflow to Node.js 20 --------- Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> Co-authored-by: Louis Lam <louislam@users.noreply.github.com> 2023-08-11 07:46:41 +00:00			`* @param {string} password Password to verify`
			`* @param {string} hash Hash to verify against`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`* @returns {boolean} Does the password match the hash?`
			`*/`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`exports.verify = function (password, hash) {`
			`if (isSHA1(hash)) {`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`return passwordHashOld.verify(password, hash);`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`}`
Autofix on save 2021-07-27 17:47:13 +00:00
			`return bcrypt.compareSync(password, hash);`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`};`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`/**`
			`* Is the hash a SHA1 hash`
Added JSDoc to ESLint (#3529) * Added JSDoc to eslint rules Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Fixed JSDoc eslint errors Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Update the check-linters workflow to Node.js 20 --------- Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> Co-authored-by: Louis Lam <louislam@users.noreply.github.com> 2023-08-11 07:46:41 +00:00			`* @param {string} hash Hash to check`
			`* @returns {boolean} Is SHA1 hash?`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`*/`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`function isSHA1(hash) {`
Enforce semicolon, fix format globally 2022-04-13 16:30:32 +00:00			`return (typeof hash === "string" && hash.startsWith("sha1"));`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`}`

Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`/**`
			`* Does the hash need to be rehashed?`
Added JSDoc to ESLint (#3529) * Added JSDoc to eslint rules Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Fixed JSDoc eslint errors Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> * Update the check-linters workflow to Node.js 20 --------- Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> Co-authored-by: Louis Lam <louislam@users.noreply.github.com> 2023-08-11 07:46:41 +00:00			`* @param {string} hash Hash to check`
			`* @returns {boolean} Needs to be rehashed?`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`*/`
use bcrypt for password hash 2021-07-13 14:22:46 +00:00			`exports.needRehash = function (hash) {`
			`return isSHA1(hash);`
Add JSDoc to server/* Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com> 2022-04-20 18:56:40 +00:00			`};`