UNPKG

happn-password-hash-and-salt

Version:

Simple, safe and straight-forward password hashing / salting for node.js

github.com/happner/password-hash-and-salt

florianheinemann/password-hash-and-salt

126 lines (88 loc) 2.93 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
'use strict'; var crypto = require('crypto'); var password = function(password, iterations) { if (!iterations) iterations = 10000; return { getFunctionParameters:function (fn) { var args = []; var FN_ARGS = /^function\s*[^\(]*\(\s*([^\)]*)\)/m; var FN_ARG_SPLIT = /,/; var FN_ARG = /^\s*(_?)(.+?)\1\s*$/; var STRIP_COMMENTS = /((\/\/.*$)|(\/\*[\s\S]*?\*\/))/mg; if (typeof fn == 'function') { var fnText = fn.toString().replace(STRIP_COMMENTS, ''); var argDecl = fnText.match(FN_ARGS); argDecl[1].split(FN_ARG_SPLIT).map(function (arg) { arg.replace(FN_ARG, function (all, underscore, name) { args.push(name); }); }); return args; } else return null; }, hash: function(salt, callback, digest) { var _this = this; // Make salt optional if(salt instanceof Function) { digest = callback; callback = salt; salt = undefined; } if (!digest) digest = 'sha512'; if(!password) return callback('No password provided'); if(typeof salt === 'string') salt = Buffer.from(salt, 'hex'); var calcHash = function() { var params = _this.getFunctionParameters(crypto.pbkdf2); var hasDigest = params.length > 5; if (!hasDigest) { digest = 'sha1'; crypto.pbkdf2(password, salt, iterations, 64, function(err, key) { if(err) return callback(err); var res = 'pbkdf2$' + iterations + '$' + key.toString('hex') + '$' + salt.toString('hex') + '$' + digest; callback(null, res); }); } else { crypto.pbkdf2(password, salt, iterations, 64, digest, function(err, key) { if(err) return callback(err); var res = 'pbkdf2$' + iterations + '$' + key.toString('hex') + '$' + salt.toString('hex') + '$' + digest; callback(null, res); }); } }; if(!salt) { crypto.randomBytes(64, function(err, gensalt) { if(err) return callback(err); salt = gensalt; calcHash(); }); } else { calcHash(); } }, verifyAgainst: function(hashedPassword, callback) { if(!hashedPassword || !password) return callback(null, false); var key = hashedPassword.split('$'); if(key.length < 4 || !key[2] || !key[3]) return callback('Hash not formatted correctly'); if(key[0] !== 'pbkdf2') return callback('Wrong algorithm'); iterations = parseInt(key[1]); if (!iterations) return callback('Iterations not stored'); var hashedPasswordDigest = 'sha1';//backward compatible with previous passwords var checkAgainst = hashedPassword.toString();//decouple in case we need to add anything if (key[4]) hashedPasswordDigest = key[4]; else checkAgainst += '$sha1'; this.hash(key[3], function(error, newHash) { if(error) return callback(error); callback(null, newHash === checkAgainst); }, hashedPasswordDigest); } }; }; module.exports = password;