use bcrypt for password hash

2025-08-08 16:07:20 +08:00 · 2021-07-13 22:22:46 +08:00
parent a60bf1528a
commit 9c23cd09ce
4 changed files with 206 additions and 2 deletions
--- a/server/password-hash.js
+++ b/server/password-hash.js
@@ -0,0 +1,23 @@
+const passwordHashOld = require('password-hash');
+const bcrypt = require('bcrypt');
+const saltRounds = 10;
+
+exports.generate = function (password) {
+    return bcrypt.hashSync(password, saltRounds);
+}
+
+exports.verify = function (password, hash) {
+    if (isSHA1(hash)) {
+        return passwordHashOld.verify(password, hash)
+    } else {
+        return bcrypt.compareSync(password, hash);
+    }
+}
+
+function isSHA1(hash) {
+    return (typeof hash === "string" && hash.startsWith("sha1"))
+}
+
+exports.needRehash = function (hash) {
+    return isSHA1(hash);
+}