@foal/core
Comparing version 2.10.2 to 2.11.0
@@ -0,1 +1,2 @@ | ||
export declare const PASSWORD_ITERATIONS = 310000; | ||
/** | ||
@@ -8,3 +9,3 @@ * Hash a password using the PBKDF2 algorithm. | ||
* The random salt is 16 bytes long. | ||
* The number of iterations is 150000. | ||
* The number of iterations is 310000. | ||
* The length key is 32 bytes long. | ||
@@ -11,0 +12,0 @@ * |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.hashPassword = void 0; | ||
exports.hashPassword = exports.PASSWORD_ITERATIONS = void 0; | ||
const crypto_1 = require("crypto"); | ||
const util_1 = require("util"); | ||
exports.PASSWORD_ITERATIONS = 310000; | ||
/** | ||
@@ -13,3 +14,3 @@ * Hash a password using the PBKDF2 algorithm. | ||
* The random salt is 16 bytes long. | ||
* The number of iterations is 150000. | ||
* The number of iterations is 310000. | ||
* The length key is 32 bytes long. | ||
@@ -23,3 +24,3 @@ * | ||
const saltBuffer = await util_1.promisify(crypto_1.randomBytes)(16); | ||
const iterations = 150000; | ||
const iterations = exports.PASSWORD_ITERATIONS; | ||
const keylen = 32; | ||
@@ -26,0 +27,0 @@ const digest = 'sha256'; |
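Review bot: The doc comment still hard-codes the iteration count (`The number of iterations is 310000.`) next to the new `exports.PASSWORD_ITERATIONS`, so the two will drift the next time the constant is raised; the same literal is repeated in the type declaration file. I would word it as `The number of iterations is PASSWORD_ITERATIONS (currently 310000).` The comment should also say that hashes stored before this release keep their original 150000 iterations until the password is hashed again, and point to `passwordHashNeedsToBeRefreshed`, which this release exports, presumably for that check on login. The body of `hashPassword` continues outside this hunk, so the encoding of the stored string is not reviewed here.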
export { hashPassword } from './hash-password'; | ||
export { passwordHashNeedsToBeRefreshed } from './password-hash-needs-to-be-refreshed'; | ||
export { verifyPassword } from './verify-password'; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.verifyPassword = exports.hashPassword = void 0; | ||
exports.verifyPassword = exports.passwordHashNeedsToBeRefreshed = exports.hashPassword = void 0; | ||
var hash_password_1 = require("./hash-password"); | ||
Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return hash_password_1.hashPassword; } }); | ||
var password_hash_needs_to_be_refreshed_1 = require("./password-hash-needs-to-be-refreshed"); | ||
Object.defineProperty(exports, "passwordHashNeedsToBeRefreshed", { enumerable: true, get: function () { return password_hash_needs_to_be_refreshed_1.passwordHashNeedsToBeRefreshed; } }); | ||
var verify_password_1 = require("./verify-password"); | ||
Object.defineProperty(exports, "verifyPassword", { enumerable: true, get: function () { return verify_password_1.verifyPassword; } }); |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.verifyPassword = void 0; | ||
const assert_1 = require("assert"); | ||
const crypto_1 = require("crypto"); | ||
const util_1 = require("util"); | ||
const utils_1 = require("./utils"); | ||
/** | ||
@@ -16,14 +16,6 @@ * Compare a plain text password and a hash to see if they match. | ||
async function verifyPassword(plainTextPassword, passwordHash) { | ||
const [algorithm, iterations, salt, derivedKey] = passwordHash.split('$'); | ||
assert_1.strictEqual(algorithm, 'pbkdf2_sha256', 'Invalid algorithm.'); | ||
assert_1.strictEqual(typeof iterations, 'string', 'Invalid password format.'); | ||
assert_1.strictEqual(typeof salt, 'string', 'Invalid password format.'); | ||
assert_1.strictEqual(typeof derivedKey, 'string', 'Invalid password format.'); | ||
assert_1.strictEqual(isNaN(parseInt(iterations, 10)), false, 'Invalid password format.'); | ||
const saltBuffer = Buffer.from(salt, 'base64'); | ||
const derivedKeyBuffer = Buffer.from(derivedKey, 'base64'); | ||
const digest = 'sha256'; // TODO: depends on the algorthim var | ||
const password = await util_1.promisify(crypto_1.pbkdf2)(plainTextPassword, saltBuffer, parseInt(iterations, 10), derivedKeyBuffer.length, digest); | ||
return crypto_1.timingSafeEqual(password, derivedKeyBuffer); | ||
const { digestAlgorithm, iterations, salt, derivedKey, keyLength } = utils_1.decomposePbkdf2PasswordHash(passwordHash); | ||
const password = await util_1.promisify(crypto_1.pbkdf2)(plainTextPassword, salt, iterations, keyLength, digestAlgorithm); | ||
return crypto_1.timingSafeEqual(password, derivedKey); | ||
} | ||
exports.verifyPassword = verifyPassword; |
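Review bot: All validation of the stored hash now lives in `utils_1.decomposePbkdf2PasswordHash`, which is not shown in this section, so `verifyPassword` passes `iterations`, `keyLength` and `digestAlgorithm` to `pbkdf2` with no visible check. The helper should be confirmed to reject an unknown algorithm prefix, a non-integer or non-positive iteration count, and an empty salt or derived key, as the removed `strictEqual` assertions did in part. `keyLength` also has to equal `derivedKey.length`, because `timingSafeEqual` throws on buffers of different length instead of returning false. If stored hashes can ever come from a less trusted source (imports, migrations), an upper bound on `iterations` would keep a single verification from consuming unbounded CPU. A one-line comment above the destructuring would document the contract, for example `// decomposePbkdf2PasswordHash throws on malformed hashes; keyLength === derivedKey.length`.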
@@ -6,5 +6,5 @@ /** | ||
*/ | ||
export { Log, LogOptions, UserRequired, ValidateBody, ValidateCookie, ValidateHeader, ValidatePathParam, ValidateQueryParam, controller, displayServerURL, convertBase64ToBase64url, convertBase64urlToBase64, escape, escapeProp, generateSignedToken, generateToken, getAjvInstance, hashPassword, isInFile, render, renderToString, renderError, signToken, streamToBuffer, verifyPassword, verifySignedToken, } from './common'; | ||
export { Log, LogOptions, UserRequired, ValidateBody, ValidateCookie, ValidateHeader, ValidatePathParam, ValidateQueryParam, controller, displayServerURL, convertBase64ToBase64url, convertBase64urlToBase64, escape, escapeProp, generateSignedToken, generateToken, getAjvInstance, hashPassword, passwordHashNeedsToBeRefreshed, isInFile, render, renderToString, renderError, signToken, streamToBuffer, verifyPassword, verifySignedToken, } from './common'; | ||
export { ApiCallback, ApiDefineCallback, ApiDefineExample, ApiDefineHeader, ApiDefineLink, ApiDefineParameter, ApiDefineRequestBody, ApiDefineResponse, ApiDefineSchema, ApiDefineSecurityScheme, ApiDefineTag, ApiDeprecated, ApiExternalDoc, ApiInfo, ApiOperation, ApiOperationDescription, ApiOperationId, ApiOperationSummary, ApiParameter, ApiRequestBody, ApiResponse, ApiSecurityRequirement, ApiServer, ApiUseTag, All, Class, ClassOrAbstractClass, Config, ConfigNotFoundError, ConfigTypeError, Context, CookieOptions, Delete, Dependency, Env, Get, Head, Hook, HookDecorator, HookFunction, HookPostFunction, HttpMethod, HttpResponse, HttpResponseBadRequest, HttpResponseClientError, HttpResponseConflict, HttpResponseCreated, HttpResponseForbidden, HttpResponseInternalServerError, HttpResponseMethodNotAllowed, HttpResponseMovedPermanently, HttpResponseNoContent, HttpResponseNotFound, HttpResponseNotImplemented, HttpResponseOK, HttpResponseRedirect, HttpResponseRedirection, HttpResponseServerError, HttpResponseSuccess, HttpResponseTooManyRequests, HttpResponseUnauthorized, IApiAbstractParameter, IApiAbstractSecurityScheme, IApiApiKeySecurityScheme, IApiAuthorizationCodeOAuthFlow, IApiCallback, IApiClientCredentialsOAuthFlow, IApiComponents, IApiContact, IApiCookieParameter, IApiDiscriminator, IApiEncoding, IApiExample, IApiExternalDocumentation, IApiHeader, IApiHeaderParameter, IApiHttpSecurityScheme, IApiImplicitOAuthFlow, IApiInfo, IApiLicense, IApiLink, IApiMediaType, IApiOAuth2SecurityScheme, IApiOAuthFlow, IApiOAuthFlows, IApiOpenIdConnectSecurityScheme, IApiOperation, IApiParameter, IApiPasswordOAuthFlow, IApiPathItem, IApiPathParameter, IApiPaths, IApiQueryParameter, IApiReference, IApiRequestBody, IApiResponse, IApiResponses, IApiSchema, IApiSecurityRequirement, IApiSecurityScheme, IApiServer, IApiServerVariable, IApiTag, IApiXML, IAppController, IController, IOpenAPI, MergeHooks, OpenApi, OpenApiDecorator, Options, Patch, Post, Put, ServiceManager, createController, 
createOpenApiDocument, createService, dependency, getApiCallbacks, getApiCompleteOperation, getApiComponents, getApiDeprecated, getApiExternalDocs, getApiInfo, getApiOperation, getApiOperationDescription, getApiOperationId, getApiOperationSummary, getApiParameters, getApiRequestBody, getApiResponses, getApiSecurity, getApiServers, getApiTags, getApiUsedTags, getHookFunction, getHookFunctions, getHttpMethod, getMetadata, getPath, isHttpResponse, isHttpResponseBadRequest, isHttpResponseClientError, isHttpResponseConflict, isHttpResponseCreated, isHttpResponseForbidden, isHttpResponseInternalServerError, isHttpResponseMethodNotAllowed, isHttpResponseMovedPermanently, isHttpResponseNoContent, isHttpResponseNotFound, isHttpResponseNotImplemented, isHttpResponseOK, isHttpResponseRedirect, isHttpResponseRedirection, isHttpResponseServerError, isHttpResponseSuccess, isHttpResponseTooManyRequests, isHttpResponseUnauthorized, } from './core'; | ||
export { OPENAPI_SERVICE_ID, createApp, } from './express'; | ||
export { Session, SessionAlreadyExists, SessionState, SessionStore, Store, UseSessions, createSession, readSession, FetchUser, } from './sessions'; |
@@ -8,3 +8,3 @@ "use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.readSession = exports.createSession = exports.UseSessions = exports.Store = exports.SessionStore = exports.SessionAlreadyExists = exports.Session = exports.createApp = exports.OPENAPI_SERVICE_ID = exports.isHttpResponseUnauthorized = exports.isHttpResponseTooManyRequests = exports.isHttpResponseSuccess = exports.isHttpResponseServerError = exports.isHttpResponseRedirection = exports.isHttpResponseRedirect = exports.isHttpResponseOK = exports.isHttpResponseNotImplemented = exports.isHttpResponseNotFound = exports.isHttpResponseNoContent = exports.isHttpResponseMovedPermanently = exports.isHttpResponseMethodNotAllowed = exports.isHttpResponseInternalServerError = exports.isHttpResponseForbidden = exports.isHttpResponseCreated = exports.isHttpResponseConflict = exports.isHttpResponseClientError = exports.isHttpResponseBadRequest = exports.isHttpResponse = exports.getPath = exports.getMetadata = exports.getHttpMethod = exports.getHookFunctions = exports.getHookFunction = exports.getApiUsedTags = exports.getApiTags = exports.getApiServers = exports.getApiSecurity = exports.getApiResponses = exports.getApiRequestBody = exports.getApiParameters = exports.getApiOperationSummary = exports.getApiOperationId = exports.getApiOperationDescription = exports.getApiOperation = exports.getApiInfo = exports.getApiExternalDocs = exports.getApiDeprecated = exports.getApiComponents = exports.getApiCompleteOperation = exports.getApiCallbacks = exports.dependency = exports.createService = exports.createOpenApiDocument = exports.createController = exports.ServiceManager = exports.Put = exports.Post = exports.Patch = exports.Options = exports.OpenApi = exports.MergeHooks = exports.HttpResponseUnauthorized = exports.HttpResponseTooManyRequests = exports.HttpResponseSuccess = exports.HttpResponseServerError = exports.HttpResponseRedirection = exports.HttpResponseRedirect = exports.HttpResponseOK = exports.HttpResponseNotImplemented = exports.HttpResponseNotFound = 
exports.HttpResponseNoContent = exports.HttpResponseMovedPermanently = exports.HttpResponseMethodNotAllowed = exports.HttpResponseInternalServerError = exports.HttpResponseForbidden = exports.HttpResponseCreated = exports.HttpResponseConflict = exports.HttpResponseClientError = exports.HttpResponseBadRequest = exports.HttpResponse = exports.Hook = exports.Head = exports.Get = exports.Env = exports.Dependency = exports.Delete = exports.Context = exports.ConfigTypeError = exports.ConfigNotFoundError = exports.Config = exports.All = exports.ApiUseTag = exports.ApiServer = exports.ApiSecurityRequirement = exports.ApiResponse = exports.ApiRequestBody = exports.ApiParameter = exports.ApiOperationSummary = exports.ApiOperationId = exports.ApiOperationDescription = exports.ApiOperation = exports.ApiInfo = exports.ApiExternalDoc = exports.ApiDeprecated = exports.ApiDefineTag = exports.ApiDefineSecurityScheme = exports.ApiDefineSchema = exports.ApiDefineResponse = exports.ApiDefineRequestBody = exports.ApiDefineParameter = exports.ApiDefineLink = exports.ApiDefineHeader = exports.ApiDefineExample = exports.ApiDefineCallback = exports.ApiCallback = exports.verifySignedToken = exports.verifyPassword = exports.streamToBuffer = exports.signToken = exports.renderError = exports.renderToString = exports.render = exports.isInFile = exports.hashPassword = exports.getAjvInstance = exports.generateToken = exports.generateSignedToken = exports.escapeProp = exports.escape = exports.convertBase64urlToBase64 = exports.convertBase64ToBase64url = exports.displayServerURL = exports.controller = exports.ValidateQueryParam = exports.ValidatePathParam = exports.ValidateHeader = exports.ValidateCookie = exports.ValidateBody = exports.UserRequired = exports.Log = void 0; | ||
exports.readSession = exports.createSession = exports.UseSessions = exports.Store = exports.SessionStore = exports.SessionAlreadyExists = exports.Session = exports.createApp = exports.OPENAPI_SERVICE_ID = exports.isHttpResponseUnauthorized = exports.isHttpResponseTooManyRequests = exports.isHttpResponseSuccess = exports.isHttpResponseServerError = exports.isHttpResponseRedirection = exports.isHttpResponseRedirect = exports.isHttpResponseOK = exports.isHttpResponseNotImplemented = exports.isHttpResponseNotFound = exports.isHttpResponseNoContent = exports.isHttpResponseMovedPermanently = exports.isHttpResponseMethodNotAllowed = exports.isHttpResponseInternalServerError = exports.isHttpResponseForbidden = exports.isHttpResponseCreated = exports.isHttpResponseConflict = exports.isHttpResponseClientError = exports.isHttpResponseBadRequest = exports.isHttpResponse = exports.getPath = exports.getMetadata = exports.getHttpMethod = exports.getHookFunctions = exports.getHookFunction = exports.getApiUsedTags = exports.getApiTags = exports.getApiServers = exports.getApiSecurity = exports.getApiResponses = exports.getApiRequestBody = exports.getApiParameters = exports.getApiOperationSummary = exports.getApiOperationId = exports.getApiOperationDescription = exports.getApiOperation = exports.getApiInfo = exports.getApiExternalDocs = exports.getApiDeprecated = exports.getApiComponents = exports.getApiCompleteOperation = exports.getApiCallbacks = exports.dependency = exports.createService = exports.createOpenApiDocument = exports.createController = exports.ServiceManager = exports.Put = exports.Post = exports.Patch = exports.Options = exports.OpenApi = exports.MergeHooks = exports.HttpResponseUnauthorized = exports.HttpResponseTooManyRequests = exports.HttpResponseSuccess = exports.HttpResponseServerError = exports.HttpResponseRedirection = exports.HttpResponseRedirect = exports.HttpResponseOK = exports.HttpResponseNotImplemented = exports.HttpResponseNotFound = 
exports.HttpResponseNoContent = exports.HttpResponseMovedPermanently = exports.HttpResponseMethodNotAllowed = exports.HttpResponseInternalServerError = exports.HttpResponseForbidden = exports.HttpResponseCreated = exports.HttpResponseConflict = exports.HttpResponseClientError = exports.HttpResponseBadRequest = exports.HttpResponse = exports.Hook = exports.Head = exports.Get = exports.Env = exports.Dependency = exports.Delete = exports.Context = exports.ConfigTypeError = exports.ConfigNotFoundError = exports.Config = exports.All = exports.ApiUseTag = exports.ApiServer = exports.ApiSecurityRequirement = exports.ApiResponse = exports.ApiRequestBody = exports.ApiParameter = exports.ApiOperationSummary = exports.ApiOperationId = exports.ApiOperationDescription = exports.ApiOperation = exports.ApiInfo = exports.ApiExternalDoc = exports.ApiDeprecated = exports.ApiDefineTag = exports.ApiDefineSecurityScheme = exports.ApiDefineSchema = exports.ApiDefineResponse = exports.ApiDefineRequestBody = exports.ApiDefineParameter = exports.ApiDefineLink = exports.ApiDefineHeader = exports.ApiDefineExample = exports.ApiDefineCallback = exports.ApiCallback = exports.verifySignedToken = exports.verifyPassword = exports.streamToBuffer = exports.signToken = exports.renderError = exports.renderToString = exports.render = exports.isInFile = exports.passwordHashNeedsToBeRefreshed = exports.hashPassword = exports.getAjvInstance = exports.generateToken = exports.generateSignedToken = exports.escapeProp = exports.escape = exports.convertBase64urlToBase64 = exports.convertBase64ToBase64url = exports.displayServerURL = exports.controller = exports.ValidateQueryParam = exports.ValidatePathParam = exports.ValidateHeader = exports.ValidateCookie = exports.ValidateBody = exports.UserRequired = exports.Log = void 0; | ||
try { | ||
@@ -36,2 +36,3 @@ const version = process.versions.node; | ||
Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return common_1.hashPassword; } }); | ||
Object.defineProperty(exports, "passwordHashNeedsToBeRefreshed", { enumerable: true, get: function () { return common_1.passwordHashNeedsToBeRefreshed; } }); | ||
Object.defineProperty(exports, "isInFile", { enumerable: true, get: function () { return common_1.isInFile; } }); | ||
@@ -38,0 +39,0 @@ Object.defineProperty(exports, "render", { enumerable: true, get: function () { return common_1.render; } }); |
{ | ||
"name": "@foal/core", | ||
"version": "2.10.2", | ||
"version": "2.11.0", | ||
"description": "Full-featured Node.js framework, with no complexity", | ||
@@ -88,3 +88,3 @@ "main": "./lib/index.js", | ||
"devDependencies": { | ||
"@foal/internal-test": "^2.10.2", | ||
"@foal/internal-test": "^2.11.0", | ||
"@types/mocha": "7.0.2", | ||
@@ -104,3 +104,3 @@ "@types/node": "10.17.24", | ||
}, | ||
"gitHead": "db7a8bc59680e2bf02662bfa47178beec4969ae3" | ||
"gitHead": "9d6734838ad699267f774bf84139b7a5cfc2dcfa" | ||
} |