From 1aa260624232471a2c50f405310460cc618a6a54 Mon Sep 17 00:00:00 2001
From: Derock
Date: Wed, 15 Nov 2023 11:20:40 -0500
Subject: [PATCH] ref: switch hashing algorithm for sessions

---
 src/app/login/page.tsx     |  5 +++++
 src/server/auth/Session.ts | 21 ++++++++++++---------
 src/server/server.ts       |  5 ++---
 3 files changed, 19 insertions(+), 12 deletions(-)
 create mode 100644 src/app/login/page.tsx

diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx
new file mode 100644
index 0000000..accb023
--- /dev/null
+++ b/src/app/login/page.tsx
@@ -0,0 +1,5 @@
+import LoginForm from "./Login";
+
+export default function LoginPage() {
+  return ;
+}
diff --git a/src/server/auth/Session.ts b/src/server/auth/Session.ts
index e7a92f0..c9d90d2 100644
--- a/src/server/auth/Session.ts
+++ b/src/server/auth/Session.ts
@@ -3,10 +3,11 @@ import { db } from "../db";
 import { users, sessions } from "../db/schema";
 import { randomBytes } from "crypto";
 import assert from "assert";
-import { hash as argon2Hash } from "argon2";
 import { env } from "~/env";
 import { IncomingMessage } from "http";
-import { ExtendedRequest } from "../api/trpc";
+import type { ExtendedRequest } from "../api/trpc";
+import logger from "../utils/logger";
+import crypto from "crypto";
 
 export type SessionUpdateData = Partial<{
   ua: string;
@@ -19,14 +20,16 @@ export class Session {
    * currently 30 days.
    */
   static readonly EXPIRE_TIME = 1000 * 60 * 60 * 24 * 30;
+  static readonly logger = logger.child({ module: "sessions" });
 
   /**
    * Hash function
    */
-  static async hash(token: string) {
-    return argon2Hash(token, {
-      salt: Buffer.from(env.SESSION_SECRET),
-    });
+  static hash(token: string) {
+    return crypto
+      .createHash("sha256")
+      .update(token + env.SESSION_SECRET)
+      .digest("hex");
   }
 
   /**
@@ -36,7 +39,7 @@ export class Session {
    */
   static async fetchFromToken(token: string) {
     // hash token
-    token = await this.hash(token);
+    token = this.hash(token);
 
     const [sessionData] = await db
       .select()
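Review bot: The Session.ts import hunk now pulls the same module twice, `import { randomBytes } from "crypto";` a few lines above the new `import crypto from "crypto";`. One import per module keeps the dependency list readable and avoids the default/namespace shape of the `crypto` binding leaking into the class; `import { createHash, randomBytes } from "crypto";` (and `createHash("sha256")` in `Session.hash`) covers both uses. The switch to `import type { ExtendedRequest }` is the right call since the name is only used in positions the compiler erases.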
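Review bot: `Session.hash` builds a keyed digest by string concatenation, `.update(token + env.SESSION_SECRET)`, which is not the construction SHA-256 is meant to be keyed with; the standard-library primitive for "hash under a secret" is HMAC, so the body should read `return crypto.createHmac("sha256", env.SESSION_SECRET).update(token).digest("hex");`. Dropping argon2 for a fast hash is defensible only because the value being hashed is a high-entropy random session token rather than a user-chosen secret (the file imports `randomBytes`, so that appears to be the case, but the hunk that generates the token is not shown), and the docstring should say so instead of the bare "Hash function": e.g. `/** Keyed digest of a session token for storage; safe to be fast because tokens are random, never user-chosen. */`. Two further things the commit does not address: every row written by the old argon2 hash will stop matching after deploy, so existing sessions are silently invalidated and a note or cleanup step belongs in the commit message or a migration; and the new `static readonly logger` field is not referenced anywhere in the visible hunks, so it may be dead until a later change uses it. The class body continues outside the hunk.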
@@ -67,7 +70,7 @@ export class Session {
       : context;
 
     // hash token
-    token = await this.hash(token);
+    token = this.hash(token);
 
     const [sessionData] = await db
       .update(sessions)
@@ -108,7 +111,7 @@ export class Session {
       .values({
         lastUA: parsedContext.ua,
         lastIP: parsedContext.ip,
-        token: await this.hash(token),
+        token: this.hash(token),
         userId,
       })
       .returning();
diff --git a/src/server/server.ts b/src/server/server.ts
index ad98661..bccf1df 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -7,7 +7,6 @@ import { WebSocketServer } from "ws";
 import { applyWSSHandler } from "@trpc/server/adapters/ws";
 import { appRouter } from "./api/root";
 import { createTRPCContext } from "./api/trpc";
-import { incomingRequestToNextRequest } from "./utils/serverUtils";
 import { migrate } from "drizzle-orm/better-sqlite3/migrator";
 import { db } from "./db";
 import { mkdir, stat } from "fs/promises";
@@ -61,7 +60,7 @@ const server = createServer((req, res) => {
       req.url.startsWith("/") ? `http://127.0.0.1${req.url}` : req.url,
     ).pathname.replace("/api/trpc/", "");
 
-    return nodeHTTPRequestHandler({
+    return void nodeHTTPRequestHandler({
       path,
       req,
       res,
@@ -87,7 +86,7 @@ const wss = new WebSocketServer({ noServer: true });
 const trpcHandler = applyWSSHandler({
   wss,
   router: appRouter,
-  createContext: ({ req, res }) => {
+  createContext: ({ req }) => {
     return createTRPCContext({
       req,
     });
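Review bot: `return void nodeHTTPRequestHandler({ … })` in the server.ts request handler discards the promise without attaching a rejection handler, so a throwing handler now surfaces as an unhandled rejection (which terminates the process on current Node defaults) and the client is left with an open response. Keep the `void` to mark the promise as intentionally not awaited, but chain a `.catch` that logs the error and ends `res` with a 500 when `res.headersSent` is still false, e.g. `return void nodeHTTPRequestHandler({ … }).catch((err: unknown) => { console.error(err); if (!res.headersSent) res.statusCode = 500; res.end(); });`. The `createServer` callback that encloses this begins and ends outside the hunk, so there may be a surrounding try/catch I cannot see; if so, note that it will not catch an asynchronous rejection either.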