From c8bdbf9e0af669eb0eb5db5b0210e81bbc4a7721 Mon Sep 17 00:00:00 2001 From: MiguelMLorente Date: Sat, 6 Dec 2025 23:53:13 +0100 Subject: [PATCH] Hash passwords storage --- package-lock.json | 35 +++++++++++++++++++++++++++++++++++ package.json | 1 + src/service/auth.service.ts | 5 +++-- src/service/user.service.ts | 5 ++++- 4 files changed, 43 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 422faca..4b93793 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,7 @@ "@nestjs/jwt": "^11.0.2", "@nestjs/platform-express": "^11.0.1", "@nestjs/typeorm": "^11.0.0", + "bcrypt": "^6.0.0", "dotenv": "^17.2.3", "pg": "^8.16.3", "reflect-metadata": "^0.2.2", @@ -4181,6 +4182,20 @@ "baseline-browser-mapping": "dist/cli.js" } }, + "node_modules/bcrypt": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-6.0.0.tgz", + "integrity": "sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==", + "hasInstallScript": true, + "license": "MIT", + "dependencies": { + "node-addon-api": "^8.3.0", + "node-gyp-build": "^4.8.4" + }, + "engines": { + "node": ">= 18" + } + }, "node_modules/bl": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", @@ -8045,6 +8060,15 @@ "dev": true, "license": "MIT" }, + "node_modules/node-addon-api": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.5.0.tgz", + "integrity": "sha512-/bRZty2mXUIFY/xU5HLvveNHlswNJej+RnxBjOMkidWfwZzgTbPG1E3K5TOxRLOR+5hX7bSofy8yf1hZevMS8A==", + "license": "MIT", + "engines": { + "node": "^18 || ^20 || >= 21" + } + }, "node_modules/node-emoji": { "version": "1.11.0", "resolved": "https://registry.npmjs.org/node-emoji/-/node-emoji-1.11.0.tgz", 
@@ -8055,6 +8079,17 @@ "lodash": "^4.17.21" } }, + "node_modules/node-gyp-build": { + "version": "4.8.4", + "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz", + "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==", + "license": "MIT", + "bin": { + "node-gyp-build": "bin.js", + "node-gyp-build-optional": "optional.js", + "node-gyp-build-test": "build-test.js" + } + }, "node_modules/node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz",
diff --git a/package.json b/package.json
index 5c0310d..ca7e74f 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
 "@nestjs/jwt": "^11.0.2",
 "@nestjs/platform-express": "^11.0.1",
 "@nestjs/typeorm": "^11.0.0",
+ "bcrypt": "^6.0.0",
 "dotenv": "^17.2.3",
 "pg": "^8.16.3",
 "reflect-metadata": "^0.2.2",
diff --git a/src/service/auth.service.ts b/src/service/auth.service.ts
index a0c1a2b..04c79fe 100644
--- a/src/service/auth.service.ts
+++ b/src/service/auth.service.ts
@@ -1,6 +1,7 @@
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { UserService } from './user.service';
+import * as bcrypt from 'bcrypt';
 @Injectable()
 export class AuthService {
@@ -9,9 +10,9 @@ export class AuthService {
 private jwtService: JwtService,
 ) {}
- async signIn(name: string, password: string) {
+ public async signIn(name: string, password: string) {
 const user = await this.usersService.getUserByName(name);
- if (user?.password !== password) {
+ if (!(await bcrypt.compare(password, user?.password))) {
 throw new UnauthorizedException();
 }
diff --git a/src/service/user.service.ts b/src/service/user.service.ts
index 0b6b6df..3ceea84 100644
--- a/src/service/user.service.ts
+++ b/src/service/user.service.ts
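Review bot: In `signIn` (src/service/auth.service.ts, second hunk) the new `bcrypt.compare(password, user?.password)` receives `undefined` as the hash whenever `getUserByName` yields no user, and bcrypt rejects a missing hash argument with a plain Error instead of resolving to false. Assuming `getUserByName` can return a nullish value (the `?.` suggests so; its body is not in this patch), an unknown name would surface as an unhandled error rather than the `UnauthorizedException` a wrong password gets, which makes the two cases distinguishable to the caller. Guard the lookup first: `if (!user || !(await bcrypt.compare(password, user.password))) {`; comparing against a fixed dummy hash for unknown names would also keep response time uniform. Rows written before this commit still hold plaintext and will stop verifying unless they are migrated, which this patch does not show. The body of `signIn` continues outside the hunk.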
@@ -2,6 +2,7 @@ import { Injectable, Logger, NotFoundException } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { User } from 'src/dto/user';
 import { Repository } from 'typeorm';
+import * as bcrypt from 'bcrypt';
 @Injectable()
 export class UserService {
@@ -36,9 +37,11 @@ export class UserService {
 }
 this.logger.debug(`Creating user with name: ${name}`);
+ this.logger.debug(`BCrypt password: ${await bcrypt.hash(password, 10)}`);
+ this.logger.debug(`Password: ${password}`);
 const user: User = this.userRepo.create({
 name,
- password,
+ password: await bcrypt.hash(password, 10),
 purchases: [],
 joinedSessions: [],
 token: {
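Review bot: The two added `this.logger.debug` calls in the user-creation hunk of src/service/user.service.ts write the cleartext password and a bcrypt hash of it to the application log, so anyone with log access can read the credential that the hashing is meant to protect; both lines should be dropped before merge. The hash is also computed twice with independent salts, so the logged value is not the one stored and every signup pays for two cost-10 hashes. Compute it once, `const passwordHash = await bcrypt.hash(password, 10);`, and pass `password: passwordHash` to `this.userRepo.create`. The cost factor `10` would be easier to raise later as a named constant or config value. The enclosing method starts and ends outside the hunk.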