1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 | 'use strict'
|
8 |
|
9 |
|
10 |
|
11 | var promiseToolbox = require('promise-toolbox')
|
12 |
|
13 | var asCallback = promiseToolbox.asCallback
|
14 | var promisifyAll = promiseToolbox.promisifyAll
|
15 |
|
16 |
|
17 |
|
18 | var has = Object.prototype.hasOwnProperty
|
19 |
|
20 | function assign (target, source) {
|
21 | var i, n, key
|
22 |
|
23 | for (i = 1, n = arguments.length; i < n; ++i) {
|
24 | source = arguments[i]
|
25 | for (key in source) {
|
26 | if (has.call(source, key)) {
|
27 | target[key] = source[key]
|
28 | }
|
29 | }
|
30 | }
|
31 |
|
32 | return target
|
33 | }
|
34 |
|
35 | function forArray (array, iteratee) {
|
36 | for (var i = 0, n = array.length; i < n; ++i) {
|
37 | iteratee(array[i], i, array)
|
38 | }
|
39 | }
|
40 |
|
41 | var isFunction = (function (toString) {
|
42 | var tag = toString.call(toString)
|
43 |
|
44 | return function isFunction (value) {
|
45 | return (toString.call(value) === tag)
|
46 | }
|
47 | })(Object.prototype.toString)
|
48 |
|
49 |
|
50 | var makeAsyncWrapper = (function (push) {
|
51 | return function makeAsyncWrapper (fn) {
|
52 | return function asyncWrapper () {
|
53 | var args = []
|
54 | push.apply(args, arguments)
|
55 | var callback
|
56 |
|
57 | var n = args.length
|
58 | if (n && isFunction(args[n - 1])) {
|
59 | callback = args.pop()
|
60 | }
|
61 |
|
62 | return asCallback.call(new Promise(function (resolve) {
|
63 | resolve(fn.apply(this, args))
|
64 | }), callback)
|
65 | }
|
66 | }
|
67 | })(Array.prototype.push)
|
68 |
|
69 | function startsWith (string, search) {
|
70 | return string.lastIndexOf(search, 0) === 0
|
71 | }
|
72 |
|
73 |
|
74 |
|
75 | var algorithmsById = Object.create(null)
|
76 | var algorithmsByName = Object.create(null)
|
77 |
|
78 | var globalOptions = Object.create(null)
|
79 | exports.options = globalOptions
|
80 |
|
81 | var DEFAULT_ALGO
|
82 |
|
83 | function registerAlgorithm (algo) {
|
84 | var name = algo.name
|
85 |
|
86 | if (algorithmsByName[name]) {
|
87 | throw new Error('name ' + name + ' already taken')
|
88 | }
|
89 | algorithmsByName[name] = algo
|
90 |
|
91 | forArray(algo.ids, function (id) {
|
92 | if (algorithmsById[id]) {
|
93 | throw new Error('id ' + id + ' already taken')
|
94 | }
|
95 | algorithmsById[id] = algo
|
96 | })
|
97 |
|
98 | globalOptions[name] = assign(Object.create(null), algo.defaults)
|
99 |
|
100 | if (!DEFAULT_ALGO) {
|
101 | DEFAULT_ALGO = name
|
102 | }
|
103 | }
|
104 |
|
105 |
|
106 |
|
107 | ;(function (bcrypt) {
|
108 | registerAlgorithm({
|
109 | name: 'bcrypt',
|
110 | ids: [ '2', '2a', '2x', '2y' ],
|
111 | defaults: { cost: 10 },
|
112 |
|
113 | getOptions: function (_, info) {
|
114 | return {
|
115 | cost: +info.options
|
116 | }
|
117 | },
|
118 | hash: function (password, options) {
|
119 | return bcrypt.genSalt(options.cost).then(function (salt) {
|
120 | return bcrypt.hash(password, salt)
|
121 | })
|
122 | },
|
123 | needsRehash: function (_, info) {
|
124 | var id = info.id
|
125 | if (
|
126 | id !== '2a' &&
|
127 | id !== '2y'
|
128 | ) {
|
129 | return true
|
130 | }
|
131 |
|
132 |
|
133 | },
|
134 | verify: function (password, hash) {
|
135 |
|
136 | if (startsWith(hash, '$2y$')) {
|
137 | hash = '$2a$' + hash.slice(4)
|
138 | }
|
139 |
|
140 | return bcrypt.compare(password, hash)
|
141 | }
|
142 | })
|
143 | })(promisifyAll.call(function () {
|
144 | try {
|
145 | return require('bcrypt')
|
146 | } catch (_) {
|
147 | return require('bcryptjs')
|
148 | }
|
149 | }()))
|
150 |
|
151 | try {
|
152 | ;(function (argon2) {
|
153 | var FALSE_FN = function () { return false }
|
154 | var TRUE_FN = function () { return true }
|
155 |
|
156 | var log2 = Math.log2 || (function (log, log2) {
|
157 | return function (value) {
|
158 | return log(value) / log2
|
159 | }
|
160 | })(Math.log, Math.log(2))
|
161 |
|
162 | registerAlgorithm({
|
163 | name: 'argon2',
|
164 | ids: [ 'argon2d', 'argon2i' ],
|
165 | defaults: require('argon2').defaults,
|
166 |
|
167 | getOptions: function (_, info) {
|
168 | var options = {}
|
169 | info.options.split(',').forEach(function (datum) {
|
170 | var index = datum.indexOf('=')
|
171 | if (index === -1) {
|
172 | options[datum] = true
|
173 | } else {
|
174 | options[datum.slice(0, index)] = datum.slice(index + 1)
|
175 | }
|
176 | })
|
177 | return {
|
178 | memoryCost: log2(+options.m),
|
179 | parallelism: +options.p,
|
180 | timeCost: +options.t
|
181 | }
|
182 | },
|
183 | hash: function (password, options) {
|
184 | return argon2.generateSalt().then(function (salt) {
|
185 | return argon2.hash(password, salt, options)
|
186 | })
|
187 | },
|
188 | verify: function (password, hash) {
|
189 | return argon2.verify(hash, password).then(TRUE_FN, FALSE_FN)
|
190 | }
|
191 | })
|
192 | })(require('argon2'))
|
193 | } catch (_) {}
|
194 |
|
195 |
|
196 |
|
197 | var getHashInfo = (function (HASH_RE) {
|
198 | return function getHashInfo (hash) {
|
199 | var matches = hash.match(HASH_RE)
|
200 | if (!matches) {
|
201 | throw new Error('invalid hash ' + hash)
|
202 | }
|
203 |
|
204 | return {
|
205 | id: matches[1],
|
206 | options: matches[2]
|
207 | }
|
208 | }
|
209 | })(/^\$([^$]+)\$([^$]*)\$/)
|
210 |
|
211 | function getAlgorithmByName (name) {
|
212 | var algo = algorithmsByName[name]
|
213 | if (!algo) {
|
214 | throw new Error('no available algorithm with name ' + name)
|
215 | }
|
216 |
|
217 | return algo
|
218 | }
|
219 |
|
220 | function getAlgorithmFromId (id) {
|
221 | var algo = algorithmsById[id]
|
222 | if (!algo) {
|
223 | throw new Error('no available algorithm with id ' + id)
|
224 | }
|
225 |
|
226 | return algo
|
227 | }
|
228 |
|
229 | function getAlgorithmFromHash (hash) {
|
230 | return getAlgorithmFromId(getHashInfo(hash).id)
|
231 | }
|
232 |
|
233 |
|
234 |
|
235 |
|
236 |
|
237 |
|
238 |
|
239 |
|
240 |
|
241 |
|
242 |
|
243 |
|
244 |
|
245 | function hash (password, algo, options) {
|
246 | algo = getAlgorithmByName(algo || DEFAULT_ALGO)
|
247 |
|
248 | return algo.hash(
|
249 | password,
|
250 | assign(Object.create(null), globalOptions[algo.name], options)
|
251 | )
|
252 | }
|
253 | exports.hash = makeAsyncWrapper(hash)
|
254 |
|
255 |
|
256 |
|
257 |
|
258 |
|
259 |
|
260 |
|
261 |
|
262 |
|
263 |
|
264 | function getInfo (hash) {
|
265 | var info = getHashInfo(hash)
|
266 | var algo = getAlgorithmFromId(info.id)
|
267 | info.algorithm = algo.name
|
268 | info.options = algo.getOptions(hash, info)
|
269 |
|
270 | return info
|
271 | }
|
272 | exports.getInfo = getInfo
|
273 |
|
274 |
|
275 |
|
276 |
|
277 |
|
278 |
|
279 |
|
280 |
|
281 |
|
282 |
|
283 |
|
284 |
|
285 |
|
286 | function needsRehash (hash, algo, options) {
|
287 | var info = getInfo(hash)
|
288 |
|
289 | if (info.algorithm !== (algo || DEFAULT_ALGO)) {
|
290 | return true
|
291 | }
|
292 |
|
293 | var algoNeedsRehash = getAlgorithmFromId(info.id).needsRehash
|
294 | var result = algoNeedsRehash && algoNeedsRehash(hash, info)
|
295 | if (typeof result === 'boolean') {
|
296 | return result
|
297 | }
|
298 |
|
299 | var expected = assign(Object.create(null), globalOptions[info.algorithm], options)
|
300 | var actual = info.options
|
301 |
|
302 | for (var prop in expected) {
|
303 | var value = expected[prop]
|
304 | if (
|
305 | typeof value === 'number' &&
|
306 | !(value <= actual[prop])
|
307 | ) {
|
308 | return true
|
309 | }
|
310 | }
|
311 |
|
312 | return false
|
313 | }
|
314 | exports.needsRehash = needsRehash
|
315 |
|
316 |
|
317 |
|
318 |
|
319 |
|
320 |
|
321 |
|
322 |
|
323 |
|
324 |
|
325 | function verify (password, hash) {
|
326 | return getAlgorithmFromHash(hash).verify(password, hash)
|
327 | }
|
328 | exports.verify = makeAsyncWrapper(verify)
|