@rpcbase/auth 0.55.0 → 0.57.0

@@ -1 +1 @@
1
- {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBA4DlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
1
+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAwDlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
@@ -1 +1 @@
1
- {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAgFlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
1
+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBA8ElC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
@@ -1,6 +1,5 @@
1
- import crypto from "crypto";
2
1
  import { loadModel } from "@rpcbase/db";
3
- import { hashPassword } from "@rpcbase/server";
2
+ import { verifyPasswordFromStorage } from "@rpcbase/server";
4
3
  import { R as Route, r as requestSchema } from "./index-Bdcryyvv.js";
5
4
  const signIn = async (payload, ctx) => {
6
5
  const User = await loadModel("RBUser", ctx);
@@ -15,14 +14,12 @@ const signIn = async (payload, ctx) => {
15
14
  ctx.res.status(401);
16
15
  return { success: false, error: "invalid_credentials" };
17
16
  }
18
- const [salt, hashedPassword] = String(user.password).split(":");
19
- if (!salt || !hashedPassword) {
20
- ctx.res.status(500);
21
- return { success: false, error: "invalid_password_format" };
22
- }
23
- const derivedKey = await hashPassword(password, salt);
24
- const passwordMatches = crypto.timingSafeEqual(Buffer.from(hashedPassword, "hex"), derivedKey);
17
+ const stored = String(user.password);
18
+ const passwordMatches = await verifyPasswordFromStorage(password, stored);
25
19
  if (!passwordMatches) {
20
+ if (!stored.startsWith("$scrypt$")) {
21
+ console.warn("auth::sign-in invalid stored password format", user._id.toString());
22
+ }
26
23
  ctx.res.status(401);
27
24
  return { success: false, error: "invalid_credentials" };
28
25
  }
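Review bot: Nothing in this section shows that `verifyPasswordFromStorage` still accepts the `salt:hex` records that 0.55.0 wrote, so if the helper only parses `$scrypt$…` strings, every account created before the upgrade now gets a 401 and the only trace is the `console.warn` in the mismatch branch. Confirm the helper's legacy handling in `@rpcbase/server`; if it does verify old records, a successful legacy match is the moment to re-hash with `hashPasswordForStorage(password)` and persist the result, otherwise old-format hashes stay in the database indefinitely. The literal `"$scrypt$"` prefix also duplicates format knowledge that belongs to the helper, and `String(user.password)` turns a missing field into the string `"undefined"`, so a comment such as `// legacy or missing hash: log so affected accounts can be migrated or reset` above the `startsWith` check would make the intent clear. The body of `signIn` starts before and continues past the lines shown.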
@@ -1,6 +1,6 @@
1
1
  import crypto from "crypto";
2
2
  import { loadModel } from "@rpcbase/db";
3
- import { hashPassword, sendEmail } from "@rpcbase/server";
3
+ import { hashPasswordForStorage, sendEmail } from "@rpcbase/server";
4
4
  import { R as Route, r as requestSchema } from "./index-DwX0Y2YV.js";
5
5
  const signUp = async (payload, ctx) => {
6
6
  const User = await loadModel("RBUser", ctx);
@@ -17,9 +17,7 @@ const signUp = async (payload, ctx) => {
17
17
  ctx.res.status(409);
18
18
  return { success: false, error: "user_exists" };
19
19
  }
20
- const salt = crypto.randomBytes(16).toString("hex");
21
- const derivedKey = await hashPassword(password, salt);
22
- const hashedPassword = `${salt}:${derivedKey.toString("hex")}`;
20
+ const hashedPassword = await hashPasswordForStorage(password);
23
21
  const tenantId = crypto.randomUUID();
24
22
  const emailVerificationCode = crypto.randomInt(0, 1e6).toString().padStart(6, "0");
25
23
  const emailVerificationExpiresAt = new Date(Date.now() + 10 * 60 * 1e3);
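--- a/package/dist/routes.js
+++ b/package/dist/routes.js
@@ -1,5 +1,5 @@
  const routes = Object.entries({
- .../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler-C9aNvw-Q.js"), "./api/sign-in/handler.ts": () => import("./handler-Rf4brHOs.js"), "./api/sign-out/handler.ts": () => import("./handler-CNHucHrj.js"), "./api/sign-up/handler.ts": () => import("./handler-CLZl3E7O.js"), "./api/verify-otp/handler.ts": () => import("./handler-49961uAb.js") })
+ .../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler-C9aNvw-Q.js"), "./api/sign-in/handler.ts": () => import("./handler-ByODvDJo.js"), "./api/sign-out/handler.ts": () => import("./handler-CNHucHrj.js"), "./api/sign-up/handler.ts": () => import("./handler-DgTUP3cD.js"), "./api/verify-otp/handler.ts": () => import("./handler-49961uAb.js") })
  }).reduce((acc, [path, mod]) => {
  acc[path.replace("./api/", "@rpcbase/auth/api/")] = mod;
  return acc;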
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rpcbase/auth",
3
- "version": "0.55.0",
3
+ "version": "0.57.0",
4
4
  "type": "module",
5
5
  "files": [
6
6
  "dist"