ref: switch hashing algorithm for sessions

2023-11-15 11:20:40 -05:00 · 2023-11-15 11:20:40 -05:00 · 1aa2606242
parent d812abfeb1
commit 1aa2606242
3 changed files with 19 additions and 12 deletions
--- a/src/app/login/page.tsx
+++ b/src/app/login/page.tsx
@ -0,0 +1,5 @@
+import LoginForm from "./Login";
+
+export default function LoginPage() {
+  return <LoginForm />;
+}
--- a/src/server/auth/Session.ts
+++ b/src/server/auth/Session.ts
@ -3,10 +3,11 @@ import { db } from "../db";
 import { users, sessions } from "../db/schema";
 import { randomBytes } from "crypto";
 import assert from "assert";
-import { hash as argon2Hash } from "argon2";
 import { env } from "~/env";
 import { IncomingMessage } from "http";
-import { ExtendedRequest } from "../api/trpc";
+import type { ExtendedRequest } from "../api/trpc";
+import logger from "../utils/logger";
+import crypto from "crypto";

 export type SessionUpdateData = Partial<{
  ua: string;
@ -19,14 +20,16 @@ export class Session {
   * currently 30 days.
   */
  static readonly EXPIRE_TIME = 1000 * 60 * 60 * 24 * 30;
+  static readonly logger = logger.child({ module: "sessions" });

  /**
   * Hash function
   */
-  static async hash(token: string) {
-    return argon2Hash(token, {
-      salt: Buffer.from(env.SESSION_SECRET),
-    });
+  static hash(token: string) {
+    return crypto
+      .createHash("sha256")
+      .update(token + env.SESSION_SECRET)
+      .digest("hex");
  }

  /**
@ -36,7 +39,7 @@ export class Session {
   */
  static async fetchFromToken(token: string) {
    // hash token
-    token = await this.hash(token);
+    token = this.hash(token);

    const [sessionData] = await db
      .select()
@ -67,7 +70,7 @@ export class Session {
        : context;

    // hash token
-    token = await this.hash(token);
+    token = this.hash(token);

    const [sessionData] = await db
      .update(sessions)
@ -108,7 +111,7 @@ export class Session {
      .values({
        lastUA: parsedContext.ua,
        lastIP: parsedContext.ip,
-        token: await this.hash(token),
+        token: this.hash(token),
        userId,
      })
      .returning();
--- a/src/server/server.ts
+++ b/src/server/server.ts
@ -7,7 +7,6 @@ import { WebSocketServer } from "ws";
 import { applyWSSHandler } from "@trpc/server/adapters/ws";
 import { appRouter } from "./api/root";
 import { createTRPCContext } from "./api/trpc";
-import { incomingRequestToNextRequest } from "./utils/serverUtils";
 import { migrate } from "drizzle-orm/better-sqlite3/migrator";
 import { db } from "./db";
 import { mkdir, stat } from "fs/promises";
@ -61,7 +60,7 @@ const server = createServer((req, res) => {
      req.url.startsWith("/") ? `http://127.0.0.1${req.url}` : req.url,
    ).pathname.replace("/api/trpc/", "");

-    return nodeHTTPRequestHandler({
+    return void nodeHTTPRequestHandler({
      path,
      req,
      res,
@ -87,7 +86,7 @@ const wss = new WebSocketServer({ noServer: true });
 const trpcHandler = applyWSSHandler({
  wss,
  router: appRouter,
-  createContext: ({ req, res }) => {
+  createContext: ({ req }) => {
    return createTRPCContext({
      req,
    });