From d1544f17738e436c8bdec550bb93bc3de80d5d51 Mon Sep 17 00:00:00 2001
From: bastien ollier
Date: Tue, 11 Jun 2024 16:37:17 +0200
Subject: [PATCH] add hash
---
 package.json | 5 ++++-
 src/bcrypt.ts | 18 ------------------
 src/database.ts | 2 +-
 src/server.ts | 34 +++++++++++++++++++---------------
 4 files changed, 24 insertions(+), 35 deletions(-)
 delete mode 100644 src/bcrypt.ts
diff --git a/package.json b/package.json
index 8459110..9b07611 100644
--- a/package.json
+++ b/package.json
@@ -4,11 +4,13 @@
 "type": "module",
 "scripts": {
 "build": "tsc",
- "start": "tsx src/server.ts"
+ "start": "tsx src/server.ts",
+ "fmt": "dprint fmt"
 },
 "devDependencies": {
 "@types/bcryptjs": "^2.4.6",
 "@types/bun": "^1.0.4",
+ "dprint": "^0.46.2",
 "tsx": "^4.7.0",
 "typescript": "^5.3.3"
 },
@@ -20,6 +22,7 @@
 "@fastify/websocket": "^10.0.1",
 "@sinclair/typebox": "^0.32.9",
 "dprint": "^0.46.1",
+ "bcrypt": "^5.1.1",
 "bcryptjs": "^2.4.3",
 "fastify": "^4.27.0",
 "nanoid": "^5.0.4",
diff --git a/src/bcrypt.ts b/src/bcrypt.ts
deleted file mode 100644
index 9ba20a6..0000000
--- a/src/bcrypt.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import * as bcrypt from "bcryptjs";
-
-const saltRounds = 10; // Le nombre de tours de salage
-
-/* Fonction pour hasher le mot de passe */
-export async function hashPassword(password: string): Promise {
- const hashedPassword = await bcrypt.hash(password, saltRounds);
- return hashedPassword;
-}
-
-/* Fonction pour vérifier le mot de passe */
-export async function comparePassword(
- plainPassword: string,
- hashedPassword: string
-): Promise {
- const isMatch = await bcrypt.compare(plainPassword, hashedPassword);
- return isMatch;
-}
diff --git a/src/database.ts b/src/database.ts
index f33f9f6..79f02d4 100644
--- a/src/database.ts
+++ b/src/database.ts
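Review bot: In `package.json`, `dprint` is now listed twice with different ranges: the first hunk adds `"dprint": "^0.46.2"` to `devDependencies` while the second hunk's context still shows `"dprint": "^0.46.1"` under `dependencies`; a formatter belongs only in `devDependencies`, so the runtime entry should be removed. The second hunk adds `"bcrypt": "^5.1.1"` but keeps `bcryptjs` and `@types/bcryptjs`, although this commit deletes `src/bcrypt.ts`, the only importer of `bcryptjs` visible here; if nothing else uses it, drop both and add `@types/bcrypt` to `devDependencies` so `import bcrypt from "bcrypt"` in `src/server.ts` is typed. `bcrypt` is a native addon, so installation now depends on a prebuilt binary or a local compiler toolchain, which is worth checking in CI and in the deployment image before merging.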
@@ -141,7 +141,7 @@ export async function insertUser(
 /* Vérifier si un utilisateur existe dans la table registered_user */
 export async function verifyUser(
 db: sqlite3.Database,
- login: string
+ login: string,
 ): Promise {
 const verifyUserQuery = `SELECT login, password FROM registered_user WHERE login = ?`;
diff --git a/src/server.ts b/src/server.ts
index c5cd60a..90f144e 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -3,12 +3,12 @@ import { ChangeSet, Text } from "@codemirror/state";
 import cors from "@fastify/cors";
 import { Type, TypeBoxTypeProvider } from "@fastify/type-provider-typebox";
 import websocket, { WebSocket } from "@fastify/websocket";
+import bcrypt from "bcrypt";
 import Fastify, { FastifyReply } from "fastify";
 import { nanoid } from "nanoid";
 import { allocateBuffer, getRunner } from "runner";
 import { Pull, Push } from "zeromq";
 import * as db from "./database";
-import { hashPassword } from "bcrypt";
 const sender = new Push();
 await sender.bind(`tcp://127.0.0.1:5557`);
@@ -166,6 +166,8 @@ const database = db.openDatabase();
 /* Créer les tables si elles n'existent pas */
 db.createTables(database);
+const salt = 10;
+
 /* Route pour créer un utilisateur */
 fastify.post(
 "/users",
@@ -180,14 +182,18 @@ fastify.post(
 },
 async (request, reply) => {
 const { login, password, permissions } = request.body;
- // Hasher le mot de passe avant de l'insérer dans la base de données (en type string)
- const hashedPassword = (await hashPassword(password)) as string;
- if (!(await db.insertUser(database, login, hashedPassword, permissions))) {
- reply.send({ success: false });
- } else {
- reply.send({ success: true });
- }
- }
+ bcrypt.hash(password, salt, async (err, hash) => {
+ if (err) {
+ reply.send({ success: false });
+ }
+ if (!(await db.insertUser(database, login, hash, permissions))) {
+ reply.send({ success: false });
+ } else {
+ reply.send({ success: true });
+ }
+ });
+ },
 );
 /* Route pour vérifier si un utilisateur existe */
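Review bot: `const salt = 10;` in `src/server.ts` is misnamed: it is passed as the second argument of `bcrypt.hash` in the `/users` handler, where a number is the cost factor (number of rounds) and the salt itself is generated by the library for each hash. The deleted `src/bcrypt.ts` called the same value `saltRounds`, and keeping that name stops a reader from assuming a fixed salt is shared by all users. I would write `const saltRounds = 10; // bcrypt cost factor; the salt is generated per hash` and update the call site accordingly.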
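Review bot: In the `/users` handler the `if (err)` branch sends `{ success: false }` but does not return, so after a hashing error execution continues into `db.insertUser` with an undefined `hash` and a second `reply.send` is attempted. The handler is `async` yet returns before the `bcrypt.hash` callback has run, and a rejection from `db.insertUser` inside that callback is not caught by anything visible in the hunk. Awaiting the promise form of `bcrypt.hash` inside a `try`/`catch` and returning the reply addresses all three; `Boolean(inserted)` below keeps the truthiness test of the existing `if`. The enclosing `fastify.post(` call and its schema start above the hunk.

```typescript
  async (request, reply) => {
    const { login, password, permissions } = request.body;
    try {
      const hash = await bcrypt.hash(password, salt);
      const inserted = await db.insertUser(database, login, hash, permissions);
      return reply.send({ success: Boolean(inserted) });
    } catch (err) {
      // Log the failure server-side; the client only learns that creation failed.
      request.log.error(err);
      return reply.send({ success: false });
    }
  },
```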
@@ -205,12 +211,10 @@ fastify.post(
 const { login, password } = request.body;
 const user = await db.verifyUser(database, login);
- if (user === null || user.password !== password) {
- reply.send({ success: false });
- } else {
- reply.send({ success: true });
- }
- }
+ bcrypt.compare(password, user!.password)
+ .then(res => reply.send({ sucess: res }))
+ .catch(err => reply.send({ sucess: false }));
+ },
 );
 /* Route pour mettre à jour le login d'un utilisateur */
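Review bot: `user!.password` replaces the removed `user === null` check, so a login that is absent from `registered_user` makes the handler throw instead of answering `{ success: false }` (assuming `verifyUser` still returns `null` for an unknown login, as the removed check implies); the resulting error response also lets a caller distinguish unknown logins from wrong passwords. The response key is misspelled `sucess` in both `.then` and `.catch`, whereas the `/users` route and the removed lines use `success`, so existing clients would never see a successful login. The promise chain is neither awaited nor returned from the `async` handler. The handler's opening lines are above the hunk.

```typescript
    const user = await db.verifyUser(database, login);
    // Same response for an unknown login and a wrong password.
    if (user === null) {
      return reply.send({ success: false });
    }
    try {
      const matches = await bcrypt.compare(password, user.password);
      return reply.send({ success: matches });
    } catch {
      return reply.send({ success: false });
    }
```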