refact(auth): change pwd encrypt method
This commit is contained in:
@@ -2,9 +2,11 @@
|
||||
|
||||
import { revalidatePath } from "next/cache";
|
||||
import { auth } from "@/auth";
|
||||
import { hash } from "bcrypt";
|
||||
|
||||
// import { hash } from "crypt";
|
||||
|
||||
import { prisma } from "@/lib/db";
|
||||
import { hashPassword } from "@/lib/utils";
|
||||
import { userPasswordSchema } from "@/lib/validations/user";
|
||||
|
||||
export type FormData = {
|
||||
@@ -26,7 +28,7 @@ export async function updateUserPassword(userId: string, data: FormData) {
|
||||
id: userId,
|
||||
},
|
||||
data: {
|
||||
password: await hash(password, 10),
|
||||
password: hashPassword(password),
|
||||
},
|
||||
});
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import { NextRequest } from "next/server";
|
||||
import { compare, hash } from "bcrypt";
|
||||
|
||||
import { prisma } from "@/lib/db";
|
||||
import { hashPassword, verifyPassword } from "@/lib/utils";
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
@@ -21,7 +21,7 @@ export async function POST(req: NextRequest) {
|
||||
data: {
|
||||
name: "",
|
||||
email,
|
||||
password: await hash(password, 10),
|
||||
password: hashPassword(password),
|
||||
active: 1,
|
||||
role: "USER",
|
||||
team: "free",
|
||||
@@ -31,8 +31,7 @@ export async function POST(req: NextRequest) {
|
||||
});
|
||||
return Response.json(newUser, { status: 200 });
|
||||
} else {
|
||||
const passwordCorrect = await compare(password, user.password || "");
|
||||
|
||||
const passwordCorrect = verifyPassword(password, user.password || "");
|
||||
if (passwordCorrect) {
|
||||
return Response.json(user, { status: 200 });
|
||||
}
|
||||
|
||||
@@ -376,3 +376,24 @@ export function extractHost(url: string): string {
|
||||
const match = url.match(regex);
|
||||
return match ? match[1] : "";
|
||||
}
|
||||
|
||||
export function hashPassword(password: string): string {
|
||||
const salt = crypto.randomBytes(16).toString("hex");
|
||||
const hash = crypto.scryptSync(password, salt, 64).toString("hex");
|
||||
return `${salt}:${hash}`;
|
||||
}
|
||||
|
||||
/**
|
||||
* 验证密码
|
||||
* @param password 用户输入的密码
|
||||
* @param storedPassword 数据库中存储的加密密码
|
||||
* @returns 是否匹配
|
||||
*/
|
||||
export function verifyPassword(
|
||||
password: string,
|
||||
storedPassword: string,
|
||||
): boolean {
|
||||
const [salt, hash] = storedPassword.split(":");
|
||||
const hashToVerify = crypto.scryptSync(password, salt, 64).toString("hex");
|
||||
return hash === hashToVerify;
|
||||
}
|
||||
|
||||
@@ -31,7 +31,7 @@ VALUES
|
||||
'cmadvu9w874j2sczhg174pftq',
|
||||
'admin',
|
||||
'admin@admin.com',
|
||||
'$2b$10$FQIPnvwTQ2dwL2F3SIiKDOf.qTvMcwfc0KsbqHQBWflpFT2o8Uwji',
|
||||
'c0025ebe2edf525367e859821ccac33a:95992aad7ca8dc7c51855859f7adaa6282b09439b3e138fde22aeeaa6864af0f43fdd297cc7409b24a011300c038ff4d7585f89019e7629120123ec947f62b15',
|
||||
1,
|
||||
'ADMIN',
|
||||
'free'
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user