authorMark Powers <markppowers0@gmail.com>2019-09-19 17:42:35 -0500
committerMark Powers <markppowers0@gmail.com>2019-09-19 17:42:35 -0500
commit14132783ed47bc077b6594c3a4d8f8b970919d3d (patch)
tree5d593b2c5fbf4a5289e2cc4810fe9375799cc5b4
parent0dcae858838d2a4bdd2324b31e6f771de6d68294 (diff)
Add salt to password hashing
-rw-r--r--src/html/admin.html4
-rw-r--r--src/index.js4
-rw-r--r--src/server.js12
3 files changed, 17 insertions, 3 deletions
diff --git a/src/html/admin.html b/src/html/admin.html
index 01a39b4..a97af06 100644
--- a/src/html/admin.html
+++ b/src/html/admin.html
@@ -28,6 +28,10 @@
</head>
<body>
+ <h1>
+ <a class="navigation" href="/" title="marks.kitchen">&lt;</a>
+ Admin
+ </h1>
<div>
<h1>Create Post</h1>
<div class="form">
diff --git a/src/index.js b/src/index.js
index 1214038..c6a5a18 100644
--- a/src/index.js
+++ b/src/index.js
@@ -68,6 +68,10 @@ function setUpModels(){
password: {
type: Sequelize.STRING,
allowNull: false,
+ },
+ salt: {
+ type: Sequelize.STRING,
+ allowNull: false,
},}),
"requests": database.define('requests', {
session: Sequelize.STRING,
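Review bot: The new `salt` column is declared `allowNull: false`, but nothing in this hunk supplies a default or a migration for rows that already exist in the users table, so syncing the model against an existing database may fail or leave legacy accounts without a salt and unable to log in; unless the table is recreated, a backfill step (or `allowNull: true` with a rehash-on-next-login path) is needed. How the salt is generated is not visible here; the field should carry a comment stating the expectation, e.g. `// per-user random value from crypto.randomBytes, stored base64, set at user creation`. setUpModels begins before this hunk.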
diff --git a/src/server.js b/src/server.js
index 4355adf..0629d31 100644
--- a/src/server.js
+++ b/src/server.js
@@ -39,6 +39,12 @@ function listen(port) {
server.listen(port, () => console.info(`Listening on port ${port}!`));
}
+function hashWithSalt(password, salt){
+ var hash = crypto.createHmac('sha512', salt);
+ hash.update(password);
+ return hash.digest("base64");
+};
+
function setUpRoutes(models, jwtFunctions, database) {
// Authentication routine
server.use(function (req, res, next) {
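Review bot: `hashWithSalt` computes a single HMAC-SHA512 keyed by the salt, which is cheap to evaluate and so offers little resistance to offline guessing if the users table leaks; the `crypto` module already used on the first body line provides a purpose-built password KDF, and `return crypto.scryptSync(password, salt, 64).toString("base64");` (or `crypto.pbkdf2Sync` with a high iteration count) keeps the signature and base64 output while adding work-factor protection. The `;` after the closing brace is a stray empty statement and `var hash` should be `const hash`. The function has no doc comment; a header such as `/** Derives a salted password digest (base64). Callers should compare the result with crypto.timingSafeEqual rather than ==. */` would record the contract.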
@@ -164,9 +170,9 @@ function setUpRoutes(models, jwtFunctions, database) {
}
})
server.post('/login', async (req, res, next) => {
- const hash = crypto.createHash("sha512").update(req.body.password, "binary").digest("base64");
- const user = await models.users.findOne({ where: { username: req.body.username, password: hash } })
- if (user) {
+ const user = await models.users.findOne({ where: { username: req.body.username} })
+ const hash = hashWithSalt(req.body.password, user.salt)
+ if (user.password == hash) {
const token = jwtFunctions.sign(user.username);
res.cookie('authorization', token, { expires: new Date(Date.now() + (1000 * 60 * 60)) });
console.debug("Redirecting to admin - logged in")