heartles/egirlskey
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

upd: swap bcrypt to argon2, add misskey-js to dev, auto load replies

Browse source
This commit is contained in:
Mar0xy 2023-09-22 00:21:57 +02:00
parent 03b5acf17f
commit 7111c6c90b
No known key found for this signature in database
GPG key ID: 56569BBE47D2C828
20 changed files with 105 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/backend/package.json
View file

@ -58,7 +58,6 @@
"dependencies": {
"@aws-sdk/client-s3": "3.412.0",
"@aws-sdk/lib-storage": "3.412.0",
"@smithy/node-http-handler": "2.1.5",
"@bull-board/api": "5.8.4",
"@bull-board/fastify": "5.8.4",
"@bull-board/ui": "5.8.4",
@ -77,11 +76,13 @@
"@peertube/http-signature": "1.7.0",
"@simplewebauthn/server": "8.1.1",
"@sinonjs/fake-timers": "11.1.0",
"@smithy/node-http-handler": "2.1.5",
"@swc/cli": "0.1.62",
"@swc/core": "1.3.86",
"accepts": "1.3.8",
"ajv": "8.12.0",
"archiver": "6.0.1",
"argon2": "^0.31.1",
"async-mutex": "0.4.0",
"bcryptjs": "2.4.3",
"blurhash": "2.0.5",

7
packages/backend/src/core/CreateSystemUserService.ts
View file

@ -5,7 +5,8 @@
import { randomUUID } from 'node:crypto';
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
//import bcrypt from 'bcryptjs';
import { IsNull, DataSource } from 'typeorm';
import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
import { MiUser } from '@/models/User.js';
@ -32,8 +33,8 @@ export class CreateSystemUserService {
const password = randomUUID();
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(password, salt);
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(password);
// Generate secret
const secret = generateNativeUserToken();

7
packages/backend/src/core/SignupService.ts
View file

@ -5,7 +5,8 @@
import { generateKeyPair } from 'node:crypto';
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { DataSource, IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js';
import type { UsedUsernamesRepository, UsersRepository } from '@/models/_.js';
@ -64,8 +65,8 @@ export class SignupService {
}
// Generate hash of password
const salt = await bcrypt.genSalt(8);
hash = await bcrypt.hash(password, salt);
//const salt = await bcrypt.genSalt(8);
hash = await argon2.hash(password);
}
// Generate secret

5
packages/backend/src/server/api/SigninApiService.ts
View file

@ -4,7 +4,8 @@
*/
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import * as OTPAuth from 'otpauth';
import { IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js';
@ -121,7 +122,7 @@ export class SigninApiService {
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
// Compare password
const same = await bcrypt.compare(password, profile.password!);
const same = await argon2.verify(profile.password!, password);
const fail = async (status?: number, failure?: { id: string }) => {
// Append signin history

7
packages/backend/src/server/api/SignupApiService.ts
View file

@ -4,7 +4,8 @@
*/
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { IsNull } from 'typeorm';
import { DI } from '@/di-symbols.js';
import type { RegistrationTicketsRepository, UsedUsernamesRepository, UserPendingsRepository, UserProfilesRepository, UsersRepository, MiRegistrationTicket } from '@/models/_.js';
@ -160,8 +161,8 @@ export class SignupApiService {
const code = secureRndstr(16, { chars: L_CHARS });
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(password, salt);
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(password);
const pendingUser = await this.userPendingsRepository.insert({
id: this.idService.genId(),

5
packages/backend/src/server/api/endpoints/admin/reset-password.ts
View file

@ -4,7 +4,8 @@
*/
import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
import { DI } from '@/di-symbols.js';
@ -61,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const passwd = secureRndstr(8);
// Generate hash of password
const hash = bcrypt.hashSync(passwd);
const hash = await argon2.hash(passwd);
await this.userProfilesRepository.update({
userId: user.id,

5
packages/backend/src/server/api/endpoints/i/2fa/key-done.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -61,7 +62,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

5
packages/backend/src/server/api/endpoints/i/2fa/register-key.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js';
@ -67,7 +68,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
}
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

5
packages/backend/src/server/api/endpoints/i/2fa/register.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import * as OTPAuth from 'otpauth';
import * as QRCode from 'qrcode';
import { Inject, Injectable } from '@nestjs/common';
@ -48,7 +49,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

5
packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository, UserSecurityKeysRepository } from '@/models/_.js';
@ -51,7 +52,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

5
packages/backend/src/server/api/endpoints/i/2fa/unregister.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -47,7 +48,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password ?? '');
const same = await argon2.verify(profile.password ?? '', ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

2
packages/backend/src/server/api/endpoints/i/2fa/update-key.ts
View file

@ -3,7 +3,7 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserSecurityKeysRepository } from '@/models/_.js';

9
packages/backend/src/server/api/endpoints/i/change-password.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js';
@ -34,15 +35,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.currentPassword, profile.password!);
const same = await argon2.verify(profile.password!, ps.currentPassword);
if (!same) {
throw new Error('incorrect password');
}
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(ps.newPassword, salt);
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(ps.newPassword);
await this.userProfilesRepository.update(me.id, {
password: hash,

5
packages/backend/src/server/api/endpoints/i/delete-account.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
@ -43,7 +44,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
// Compare password
const same = await bcrypt.compare(ps.password, profile.password!);
const same = await argon2.verify(profile.password!, ps.password);
if (!same) {
throw new Error('incorrect password');

5
packages/backend/src/server/api/endpoints/i/regenerate-token.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
@ -43,7 +44,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password!);
const same = await argon2.verify(profile.password!, ps.password);
if (!same) {
throw new Error('incorrect password');

5
packages/backend/src/server/api/endpoints/i/update-email.ts
View file

@ -5,7 +5,8 @@
import { Inject, Injectable } from '@nestjs/common';
import ms from 'ms';
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
@ -67,7 +68,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id });
// Compare password
const same = await bcrypt.compare(ps.password, profile.password!);
const same = await argon2.verify(profile.password!, ps.password);
if (!same) {
throw new ApiError(meta.errors.incorrectPassword);

7
packages/backend/src/server/api/endpoints/reset-password.ts
View file

@ -3,7 +3,8 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import bcrypt from 'bcryptjs';
//import bcrypt from 'bcryptjs';
import * as argon2 from 'argon2';
import { Inject, Injectable } from '@nestjs/common';
import type { UserProfilesRepository, PasswordResetRequestsRepository } from '@/models/_.js';
import { Endpoint } from '@/server/api/endpoint-base.js';
@ -50,8 +51,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
}
// Generate hash of password
const salt = await bcrypt.genSalt(8);
const hash = await bcrypt.hash(ps.password, salt);
//const salt = await bcrypt.genSalt(8);
const hash = await argon2.hash(ps.password);
await this.userProfilesRepository.update(req.userId, {
password: hash,

1
packages/frontend/src/components/MkNoteDetailed.vue
View file

@ -501,6 +501,7 @@ function loadReplies() {
replies.value = res;
});
}
loadReplies();
const conversationLoaded = ref(false);
function loadConversation() {

49
pnpm-lock.yaml generated
View file

@ -134,6 +134,9 @@ importers:
archiver:
specifier: 6.0.1
version: 6.0.1
argon2:
specifier: ^0.31.1
version: 0.31.1
async-mutex:
specifier: 0.4.0
version: 0.4.0
@ -4317,6 +4320,24 @@ packages:
engines: {node: '>=8'}
dev: false
/@mapbox/node-pre-gyp@1.0.11:
resolution: {integrity: sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ==}
hasBin: true
dependencies:
detect-libc: 2.0.2
https-proxy-agent: 5.0.1
make-dir: 3.1.0
node-fetch: 2.7.0
nopt: 5.0.0
npmlog: 5.0.1
rimraf: 3.0.2
semver: 7.5.4
tar: 6.1.13
transitivePeerDependencies:
- encoding
- supports-color
dev: false
/@mapbox/node-pre-gyp@1.0.9:
resolution: {integrity: sha512-aDF3S3rK9Q2gey/WAttUlISduDItz5BU3306M9Eyv6/oS40aMprnopshtlKTykxRNIBEZuRMaZAnbrQ4QtKGyw==}
hasBin: true
@ -4670,6 +4691,11 @@ packages:
sshpk: 1.17.0
dev: false
/@phc/format@1.0.0:
resolution: {integrity: sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==}
engines: {node: '>=10'}
dev: false
/@pkgjs/parseargs@0.11.0:
resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
engines: {node: '>=14'}
@ -7046,7 +7072,7 @@ packages:
hasBin: true
peerDependencies:
'@swc/core': ^1.2.66
chokidar: 3.5.3
chokidar: ^3.5.1
peerDependenciesMeta:
chokidar:
optional: true
@ -8825,7 +8851,6 @@ packages:
delegates: 1.0.0
readable-stream: 3.6.0
dev: false
optional: true
/are-we-there-yet@3.0.1:
resolution: {integrity: sha512-QZW4EDmGwlYur0Yyf/b2uGucHQMa8aFUP7eu9ddR73vvhFyt4V0Vl3QHPcTNJ8l6qYOBdxgXdnBXQrHilfRQBg==}
@ -8839,6 +8864,19 @@ packages:
resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==}
dev: true
/argon2@0.31.1:
resolution: {integrity: sha512-ik2xnJrLXazya7m4Nz1XfBSRjXj8Koq8qF9PsQC8059p20ifWc9zx/hgU3ItZh/3TnwXkv0RbhvjodPkmFf0bg==}
engines: {node: '>=14.0.0'}
requiresBuild: true
dependencies:
'@mapbox/node-pre-gyp': 1.0.11
'@phc/format': 1.0.0
node-addon-api: 7.0.0
transitivePeerDependencies:
- encoding
- supports-color
dev: false
/argparse@1.0.10:
resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==}
dependencies:
@ -12111,7 +12149,6 @@ packages:
strip-ansi: 6.0.1
wide-align: 1.1.5
dev: false
optional: true
/gauge@4.0.4:
resolution: {integrity: sha512-f9m+BEN5jkg6a0fZjleidjN51VE1X+mPFQ2DJ0uv1V39oCLCbsGe6yjbBnp7eK7z/+GAon99a3nHuqbuuthyPg==}
@ -15005,6 +15042,10 @@ packages:
/node-addon-api@6.1.0:
resolution: {integrity: sha512-+eawOlIgy680F0kBzPUNFhMZGtJ1YmqM6l4+Crf4IkImjYrO/mqPwRMh352g23uIaQKFItcQ64I7KMaJxHgAVA==}
/node-addon-api@7.0.0:
resolution: {integrity: sha512-vgbBJTS4m5/KkE16t5Ly0WW9hz46swAstv0hYYwMtbG7AznRhNyfLRe8HZAiWIpcHzoO7HxhLuBQj9rJ/Ho0ZA==}
dev: false
/node-bitmap@0.0.1:
resolution: {integrity: sha512-Jx5lPaaLdIaOsj2mVLWMWulXF6GQVdyLvNSxmiYCvZ8Ma2hfKX0POoR2kgKOqz+oFsRreq0yYZjQ2wjE9VNzCA==}
engines: {node: '>=v0.6.5'}
@ -15155,7 +15196,6 @@ packages:
dependencies:
abbrev: 1.1.1
dev: false
optional: true
/nopt@6.0.0:
resolution: {integrity: sha512-ZwLpbTgdhuZUnZzjd7nb1ZV+4DoiC6/sfiVKok72ym/4Tlf+DFdlHYmT2JPmcNNWV6Pi3SDf1kT+A4r9RTuT9g==}
@ -15224,7 +15264,6 @@ packages:
gauge: 3.0.2
set-blocking: 2.0.0
dev: false
optional: true
/npmlog@6.0.2:
resolution: {integrity: sha512-/vBvz5Jfr9dT/aFWd0FIRf+T/Q2WBsLENygUaFUqstqsycmZAP/t5BvFJTK0viFmSUxiUKTUplWy5vt+rvKIxg==}

6
scripts/dev.mjs
View file

@ -29,6 +29,12 @@ await execa('pnpm', ['build-assets'], {
stderr: process.stderr,
});
await execa('pnpm', ['--filter', 'misskey-js', 'build'], {
cwd: _dirname + '/../',
stdout: process.stdout,
stderr: process.stderr,
});
execa('pnpm', ['build-assets', '--watch'], {
cwd: _dirname + '/../',
stdout: process.stdout,