From 6905e8faeeff59c010ea1137eedde87c5a546da3 Mon Sep 17 00:00:00 2001
From: Mathis
Date: Thu, 11 Jul 2024 13:51:13 +0200
Subject: [PATCH] feat(credentials): refactor hashing, verification, and token signing methods

This commit reimplements the hashing, verification, and token signing methods in the CredentialsService. It also adjusts the constructor's parameters, reorders imports, and introduces additional logging for debugging purposes. Finally, it corrects minor formatting and style issues in the credentials.service.ts and credentials.module.ts files.
---
 src/credentials/credentials.module.ts | 4 +-
 src/credentials/credentials.service.ts | 59 ++++++++++++++------------
 2 files changed, 34 insertions(+), 29 deletions(-)
diff --git a/src/credentials/credentials.module.ts b/src/credentials/credentials.module.ts
index d655932..589578a 100644
--- a/src/credentials/credentials.module.ts
+++ b/src/credentials/credentials.module.ts
@@ -1,10 +1,10 @@
 import { Module } from "@nestjs/common";
-import { CredentialsService } from "./credentials.service";
 import { ConfigModule } from "@nestjs/config";
+import { CredentialsService } from "./credentials.service";
 @Module({
 imports: [ConfigModule],
 providers: [CredentialsService],
- exports: [CredentialsService]
+ exports: [CredentialsService],
 })
 export class CredentialsModule {}
diff --git a/src/credentials/credentials.service.ts b/src/credentials/credentials.service.ts
index b9d2534..1ee5e21 100644
--- a/src/credentials/credentials.service.ts
+++ b/src/credentials/credentials.service.ts
@@ -1,44 +1,49 @@
 import { BadRequestException, Injectable } from "@nestjs/common";
-import * as argon from "argon2";
-import * as jose from "jose"
-// biome-ignore lint/style/useImportType: used by Next.js
 import { ConfigService } from "@nestjs/config";
+import * as argon from "argon2";
+import * as jose from "jose";
+import { generateSecret, JWTPayload } from "jose";
 @Injectable()
 export class CredentialsService {
-
- constructor(private configService: ConfigService) {
- }
+ constructor(
+ private readonly configService: ConfigService,
+ ) {}
 async hash(plaintextPassword: string) {
- if (plaintextPassword.length < 6) throw new BadRequestException("Password is not strong enough !")
- return argon.hash(Buffer.from(plaintextPassword), {
- secret: this.configService.get("APP_HASH_SECRET"),
- })
+ console.log(plaintextPassword);
+ if (plaintextPassword.length < 6)
+ throw new BadRequestException("Password is not strong enough !");
+ return argon.hash(plaintextPassword, {
+ secret: Buffer.from(this.configService.get("APP_HASH_SECRET")),
+ });
 }
 async check(plaintextPassword: string, hashedPassword: string) {
- return argon.verify(hashedPassword, Buffer.from(plaintextPassword), {
- secret: this.configService.get("APP_HASH_SECRET"),
- })
+ return argon.verify(hashedPassword, plaintextPassword, {
+ secret: Buffer.from(this.configService.get("APP_HASH_SECRET")),
+ });
 }
-
 async verifyAuthToken(token: string) {
- const verifyRes = await jose.jwtVerify(token, Uint8Array.from(this.configService.get("APP_TOKEN_SECRET")), {
- subject: "auth",
- audience: "user",
- issuer: "ShouldStick"
- })
+ return await jose.jwtVerify(
+ token,
+ Uint8Array.from(this.configService.get("APP_TOKEN_SECRET")),
+ {
+ audience: "auth:user",
+ issuer: "ShouldStick",
+ },
+ );
 }
- async signAuthToken() {
- return new jose.SignJWT({})
- .setProtectedHeader({ alg: 'dir', enc: 'A128CBC-HS256' })
+ async signAuthToken(payload: JWTPayload) {
+ console.log(this.configService.get("APP_TOKEN_SECRET"))
+ const token = new jose.SignJWT(payload)
+ .setProtectedHeader({ alg: "HS512", enc: "A128CBC-HS512" })
 .setIssuedAt()
- .setExpirationTime('3 day')
+ .setExpirationTime("3 day")
 .setIssuer("ShouldStick")
- .setAudience("user")
- .setSubject("auth")
- .sign(Uint8Array.from(this.configService.get("APP_TOKEN_SECRET")))
+ .setAudience("auth:user")
+ console.log(token)
+ return await token.sign(Uint8Array.from(this.configService.get("APP_TOKEN_SECRET")));
 }
-}
+}
\ No newline at end of file
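Review bot: The three added `console.log` calls write secrets to the process log: `console.log(plaintextPassword)` in `hash`, `console.log(this.configService.get("APP_TOKEN_SECRET"))` in `signAuthToken`, and `console.log(token)`, which dumps the `SignJWT` builder holding the payload; all three should be removed before merge, since log output is usually readable by far more people and systems than the credential store. Separately, `Uint8Array.from(this.configService.get("APP_TOKEN_SECRET"))` in both `verifyAuthToken` and `signAuthToken` does not encode the string: assuming the config value is a string, each character is coerced to a number, so every non-digit becomes 0 and the HMAC key keeps almost none of the secret's entropy. Use `new TextEncoder().encode(this.configService.get<string>("APP_TOKEN_SECRET"))` (or `Buffer.from(...)`, as the hash secret already does) and fail fast when the value is undefined. The `enc: "A128CBC-HS512"` header is a JWE parameter with no effect on an HS512-signed token and can be dropped, and pinning `algorithms: ["HS512"]` in the `jwtVerify` options would make the accepted algorithm explicit.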