Added salted hashing passwords.

lithdew · Jun 26, 2020 · 4b5ac67 · 4b5ac67
1 parent f3b903f
commit 4b5ac67
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/examples/nodejs/basic_auth/index.ts b/examples/nodejs/basic_auth/index.ts
@@ -2,7 +2,9 @@ import { Node } from "./node"
 import { SessionStore } from "./session-store"
 import { Memory } from "./session-store/memory"
 import { randomBytes } from "tweetnacl";
+import bcrypt from "bcryptjs";
 
+const salt = bcrypt.genSaltSync(10);
 const session = new SessionStore(new Memory());
 
 const users = [
@@ -27,7 +29,7 @@ const main = async () => {
       login: (ctx) => {
         if (ctx.headers["params.id"] && ctx.headers["params.password"]) {
           const authenticated = authenticate(ctx.headers["params.id"], ctx.headers["params.password"]);
-          if (authenticated) {
+          if (authenticated && bcrypt.compareSync(ctx.headers["params.password"], authenticated.password)) {
             const sid = Buffer.from(randomBytes(32)).toString('hex');
             session.create(sid, authenticated);
             ctx.json(session.store.get(sid));
@@ -48,7 +50,7 @@ const main = async () => {
         if (ctx.headers["params.id"] && ctx.headers["params.password"]) {
           users.push({
             id: ctx.headers["params.id"],
-            password: ctx.headers["params.password"]
+            password: bcrypt.hashSync(ctx.headers["params.password"], salt)
           })
           ctx.send('done');
         }

diff --git a/examples/nodejs/basic_auth/session-store/index.ts b/examples/nodejs/basic_auth/session-store/index.ts
@@ -6,11 +6,22 @@ export class SessionStore {
   }
 
   public load(headers: { [key:string]:string }) {
-    return this.store.get(headers.sessionId)
+    if(!headers.sessionId) {
+      return null
+    } else { 
+      return this.store.get(headers.sessionId)
+    }
   }
 
-  public create(sessionId: string, session: any) {
-    this.store.set(sessionId, session)
+  public create(sessionId: string, payload: any) {
+    var maxAge = 86400;
+    var oneDay = 86400;
+    var now = new Date().getTime();
+    var expiry = maxAge ? now + maxAge : now + oneDay;
+    this.store.set(sessionId, Object.assign({
+      sid: sessionId,
+      expiry: expiry
+    }, payload))
   }
 
   public clear(sessionId: string) {