@rnaga/wp-node 1.2.3 → 1.2.6

package/common/password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/common/password.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,GAAI,WAAW,MAAM,WAG7C,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,EAAE,YAAY,MAAM,YAGlE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAC3B,SAAQ,MAAW,EACnB,eAAc,OAAc,EAC5B,oBAAmB,OAAe,KACjC,MAmBF,CAAC"}
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/common/password.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,YAAY,GAAI,WAAW,MAAM,WAG7C,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,EAAE,YAAY,MAAM,YAGlE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAC3B,SAAQ,MAAW,EACnB,eAAc,OAAc,EAC5B,oBAAmB,OAAe,KACjC,MAmBF,CAAC"}

package/common/password.js

@@ -32,9 +32,13 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.generatePassword = exports.checkPassword = exports.hashPassword = void 0;
 const crypto = __importStar(require("crypto"));
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
 const hashPassword = (plainText) => {
     const passwordHash = new PasswordHash(8, true);
     return passwordHash.hashPassword(plainText);
@@ -207,18 +211,84 @@ class PasswordHash {
         }
         return "*";
     }
+    // https://github.com/WordPress/wordpress-develop/blob/063a74f93f0a89d1d92fac1f25c49a379ab3476b/src/wp-includes/pluggable.php#L2740
     checkPassword(password, storedHash) {
+        // Passwords longer than 4096 characters are not supported
         if (password.length > 4096) {
             return false;
         }
-        let hash = this.cryptPrivate(password, storedHash);
-        if (hash[0] === "*") {
-            hash = crypto
-                .createHash("md5")
-                .update(password, "binary")
-                .digest("binary");
-            hash = this.cryptPrivate(password, storedHash);
+        // Check the hash using md5 regardless of the current hashing mechanism (legacy support)
+        if (storedHash.length <= 32) {
+            const md5Hash = crypto.createHash("md5").update(password).digest("hex");
+            return this.hashEquals(storedHash, md5Hash);
+        }
+        // Check the password using the current WordPress prefixed hash ($wp$ prefix)
+        if (storedHash.startsWith("$wp$")) {
+            try {
+                // WordPress 6.8+ uses SHA384 HMAC preprocessing before bcrypt
+                const passwordToVerify = crypto
+                    .createHmac("sha384", "wp-sha384")
+                    .update(password)
+                    .digest("base64");
+                const bcryptHash = storedHash.substring(3); // Remove "$wp" prefix
+                return this.verifyPassword(passwordToVerify, bcryptHash);
+            }
+            catch (err) {
+                console.error("Error verifying WordPress prefixed hash:", err);
+                return false;
+            }
+        }
+        // Check the password using phpass ($P$ prefix)
+        if (storedHash.startsWith("$P$")) {
+            let hash = this.cryptPrivate(password, storedHash);
+            if (hash[0] === "*") {
+                hash = crypto
+                    .createHash("md5")
+                    .update(password, "binary")
+                    .digest("binary");
+                hash = this.cryptPrivate(password, storedHash);
+            }
+            return hash === storedHash;
+        }
+        // Check the password using compat support for any non-prefixed hash (bcrypt, Argon2, etc.)
+        try {
+            return this.verifyPassword(password, storedHash);
+        }
+        catch (err) {
+            console.error("Error verifying non-prefixed hash:", err);
+            return false;
+        }
+    }
+    /**
+     * Secure hash comparison to prevent timing attacks
+     */
+    hashEquals(hash1, hash2) {
+        if (hash1.length !== hash2.length) {
+            return false;
+        }
+        let result = 0;
+        for (let i = 0; i < hash1.length; i++) {
+            result |= hash1.charCodeAt(i) ^ hash2.charCodeAt(i);
+        }
+        return result === 0;
+    }
+    /**
+     * Verify password using modern hashing algorithms (bcrypt, Argon2, etc.)
+     */
+    verifyPassword(password, hash) {
+        try {
+            // Try bcrypt first (most common)
+            if (hash.match(/^\$2[axyb]\$/)) {
+                return bcryptjs_1.default.compareSync(password, hash);
+            }
+            // For other algorithms, we would need additional libraries
+            // For now, we'll just try bcrypt and return false for unsupported formats
+            console.warn(`Unsupported hash format: ${hash.substring(0, 10)}...`);
+            return false;
+        }
+        catch (err) {
+            console.error("Error in password verification:", err);
+            return false;
         }
-        return hash === storedHash;
     }
 }

package/crud/error.d.ts

@@ -13,8 +13,7 @@ export declare class StatusCodeMapper {
 }
 declare class CustomError extends Error {
     statusCode: StatusCode;
-    isOperational: boolean;
-    constructor(message: string, statusMessage: StatusMessage, isOperational?: boolean, stack?: string);
+    constructor(message: string, statusMessage: StatusMessage);
 }
 export declare class CrudError extends CustomError {
     constructor(statusMessage: StatusMessage | undefined, detail: string);

package/crud/error.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/crud/error.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAE/C,oBAAY,aAAa;IACvB,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,SAAS,cAAc;IACvB,qBAAqB,0BAA0B;CAChD;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAC,SAAS,CAKb;IAEX,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAMU;WAE3B,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,UAAU;WAI3C,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa;CAKhE;AAED,cAAM,WAAY,SAAQ,KAAK;IACtB,UAAU,EAAE,UAAU,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;gBAG5B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,aAAa,EAC5B,aAAa,GAAE,OAAc,EAC7B,KAAK,SAAK;CAWb;AAED,qBAAa,SAAU,SAAQ,WAAW;gBAEtC,aAAa,EAAE,aAAa,YAAsC,EAClE,MAAM,EAAE,MAAM;CAKjB"}
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/crud/error.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAE/C,oBAAY,aAAa;IACvB,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,SAAS,cAAc;IACvB,qBAAqB,0BAA0B;CAChD;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAC,SAAS,CAKb;IAEX,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAMU;WAE3B,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,UAAU;WAI3C,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa;CAKhE;AAED,cAAM,WAAY,SAAQ,KAAK;IACtB,UAAU,EAAE,UAAU,CAAC;gBAElB,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa;CAK1D;AAED,qBAAa,SAAU,SAAQ,WAAW;gBAEtC,aAAa,EAAE,aAAa,YAAsC,EAClE,MAAM,EAAE,MAAM;CAKjB"}

package/crud/error.js

@@ -29,22 +29,15 @@ class StatusCodeMapper {
 exports.StatusCodeMapper = StatusCodeMapper;
 class CustomError extends Error {
     statusCode;
-    isOperational;
-    constructor(message, statusMessage, isOperational = true, stack = "") {
+    constructor(message, statusMessage) {
         super(message);
         this.statusCode = StatusCodeMapper.getCode(statusMessage);
-        this.isOperational = isOperational;
-        if (stack) {
-            this.stack = stack;
-        }
-        else {
-            Error.captureStackTrace(this, this.constructor);
-        }
+        Error.captureStackTrace(this, this.constructor);
     }
 }
 class CrudError extends CustomError {
     constructor(statusMessage = StatusMessage.INTERNAL_SERVER_ERROR, detail) {
-        super(`Error: ${detail}`, statusMessage, true);
+        super(`Error: ${detail}`, statusMessage);
         Object.setPrototypeOf(this, CrudError.prototype);
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rnaga/wp-node",
-  "version": "1.2.3",
+  "version": "1.2.6",
   "description": "",
   "scripts": {
     "build": "rm -rf ./dist && tsc --project tsconfig.build.json && npm run copyfiles && cp package.json ./dist/",
@@ -23,11 +23,12 @@
     "@types/node": "^22",
     "copyfiles": "^2.4.1",
     "ts-node": "^10.9.1",
-    "typescript": "^5.8.3",
+    "typescript": "^5.9",
     "wordpress-hash-node": "^1.0.0"
   },
   "dependencies": {
-    "bcryptjs": "^3.0.0",
+    "@types/bcryptjs": "^2.4.6",
+    "bcryptjs": "^3.0.2",
     "deep-object-diff": "^1.1.9",
     "knex": "^3.1.0",
     "moment-timezone": "^0.6.0",

package/validators/transactions/term.d.ts

@@ -1,18 +1,18 @@
 export declare const termUpdate: import("zod").ZodObject<{
-    parent: import("zod").ZodDefault<import("zod").ZodNumber>;
     taxonomy: import("zod").ZodDefault<import("zod").ZodString>;
     name: import("zod").ZodString;
     term_id: import("zod").ZodDefault<import("zod").ZodNumber>;
     term_taxonomy_id: import("zod").ZodNumber;
     description: import("zod").ZodDefault<import("zod").ZodString>;
+    parent: import("zod").ZodDefault<import("zod").ZodNumber>;
     slug: import("zod").ZodPipe<import("zod").ZodString, import("zod").ZodTransform<string, string>>;
     term_group: import("zod").ZodDefault<import("zod").ZodNumber>;
 }, import("zod/v4/core").$strip>;
 export declare const termInsert: import("zod").ZodObject<{
-    parent: import("zod").ZodDefault<import("zod").ZodNumber>;
     taxonomy: import("zod").ZodDefault<import("zod").ZodString>;
     name: import("zod").ZodString;
     description: import("zod").ZodDefault<import("zod").ZodString>;
+    parent: import("zod").ZodDefault<import("zod").ZodNumber>;
     slug: import("zod").ZodPipe<import("zod").ZodString, import("zod").ZodTransform<string, string>>;
     term_group: import("zod").ZodDefault<import("zod").ZodNumber>;
 }, import("zod/v4/core").$strip>;