1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 | 'use strict'
|
8 |
|
9 |
|
10 |
|
11 | var promiseToolbox = require('promise-toolbox')
|
12 |
|
13 | var asCallback = promiseToolbox.asCallback
|
14 | var promisifyAll = promiseToolbox.promisifyAll
|
15 |
|
16 |
|
17 |
|
18 | var has = Object.prototype.hasOwnProperty
|
19 |
|
20 | function assign (target, source) {
|
21 | var i, n, key
|
22 |
|
23 | for (i = 1, n = arguments.length; i < n; ++i) {
|
24 | source = arguments[i]
|
25 | for (key in source) {
|
26 | if (has.call(source, key)) {
|
27 | target[key] = source[key]
|
28 | }
|
29 | }
|
30 | }
|
31 |
|
32 | return target
|
33 | }
|
34 |
|
35 | function forArray (array, iteratee) {
|
36 | for (var i = 0, n = array.length; i < n; ++i) {
|
37 | iteratee(array[i], i, array)
|
38 | }
|
39 | }
|
40 |
|
41 | var isFunction = (function (toString) {
|
42 | var tag = toString.call(toString)
|
43 |
|
44 | return function isFunction (value) {
|
45 | return (toString.call(value) === tag)
|
46 | }
|
47 | })(Object.prototype.toString)
|
48 |
|
49 |
|
50 | var makeAsyncWrapper = (function (push) {
|
51 | return function makeAsyncWrapper (fn) {
|
52 | return function asyncWrapper () {
|
53 | var args = []
|
54 | push.apply(args, arguments)
|
55 | var callback
|
56 |
|
57 | var n = args.length
|
58 | if (n && isFunction(args[n - 1])) {
|
59 | callback = args.pop()
|
60 | }
|
61 |
|
62 | return asCallback.call(new Promise(function (resolve) {
|
63 | resolve(fn.apply(this, args))
|
64 | }), callback)
|
65 | }
|
66 | }
|
67 | })(Array.prototype.push)
|
68 |
|
69 | function startsWith (string, search) {
|
70 | return string.lastIndexOf(search, 0) === 0
|
71 | }
|
72 |
|
73 |
|
74 |
|
75 | var algorithmsById = Object.create(null)
|
76 | var algorithmsByName = Object.create(null)
|
77 |
|
78 | var globalOptions = Object.create(null)
|
79 | exports.options = globalOptions
|
80 |
|
81 | var DEFAULT_ALGO
|
82 | Object.defineProperty(exports, 'DEFAULT_ALGO', {
|
83 | enumerable: true,
|
84 | get: function () {
|
85 | return DEFAULT_ALGO
|
86 | }
|
87 | })
|
88 |
|
89 | function registerAlgorithm (algo) {
|
90 | var name = algo.name
|
91 |
|
92 | if (algorithmsByName[name]) {
|
93 | throw new Error('name ' + name + ' already taken')
|
94 | }
|
95 | algorithmsByName[name] = algo
|
96 |
|
97 | forArray(algo.ids, function (id) {
|
98 | if (algorithmsById[id]) {
|
99 | throw new Error('id ' + id + ' already taken')
|
100 | }
|
101 | algorithmsById[id] = algo
|
102 | })
|
103 |
|
104 | globalOptions[name] = assign(Object.create(null), algo.defaults)
|
105 |
|
106 | if (!DEFAULT_ALGO) {
|
107 | DEFAULT_ALGO = name
|
108 | }
|
109 | }
|
110 |
|
111 |
|
112 |
|
113 | ;(function (bcrypt) {
|
114 | registerAlgorithm({
|
115 | name: 'bcrypt',
|
116 | ids: [ '2', '2a', '2x', '2y' ],
|
117 | defaults: { cost: 10 },
|
118 |
|
119 | getOptions: function (_, info) {
|
120 | return {
|
121 | cost: +info.options
|
122 | }
|
123 | },
|
124 | hash: function (password, options) {
|
125 | return bcrypt.genSalt(options.cost).then(function (salt) {
|
126 | return bcrypt.hash(password, salt)
|
127 | })
|
128 | },
|
129 | needsRehash: function (_, info) {
|
130 | var id = info.id
|
131 | if (
|
132 | id !== '2a' &&
|
133 | id !== '2y'
|
134 | ) {
|
135 | return true
|
136 | }
|
137 |
|
138 |
|
139 | },
|
140 | verify: function (password, hash) {
|
141 |
|
142 | if (startsWith(hash, '$2y$')) {
|
143 | hash = '$2a$' + hash.slice(4)
|
144 | }
|
145 |
|
146 | return bcrypt.compare(password, hash)
|
147 | }
|
148 | })
|
149 | })(promisifyAll(function () {
|
150 | try {
|
151 | return require('bcrypt')
|
152 | } catch (_) {
|
153 | return require('bcryptjs')
|
154 | }
|
155 | }()))
|
156 |
|
157 | try {
|
158 | ;(function (argon2) {
|
159 | var FALSE_FN = function () { return false }
|
160 | var TRUE_FN = function () { return true }
|
161 |
|
162 | var log2 = Math.log2 || (function (log, log2) {
|
163 | return function (value) {
|
164 | return log(value) / log2
|
165 | }
|
166 | })(Math.log, Math.log(2))
|
167 |
|
168 | registerAlgorithm({
|
169 | name: 'argon2',
|
170 | ids: [ 'argon2d', 'argon2i' ],
|
171 | defaults: require('argon2').defaults,
|
172 |
|
173 | getOptions: function (hash, info) {
|
174 | var rawOptions = info.options
|
175 | var options = {}
|
176 |
|
177 |
|
178 | var version
|
179 | if (rawOptions.slice(0, 2) === 'v=') {
|
180 | version = +rawOptions.slice(2)
|
181 |
|
182 | var index = hash.indexOf(rawOptions) + rawOptions.length + 1
|
183 | rawOptions = hash.slice(index, hash.indexOf('$', index))
|
184 | }
|
185 |
|
186 | rawOptions.split(',').forEach(function (datum) {
|
187 | var index = datum.indexOf('=')
|
188 | if (index === -1) {
|
189 | options[datum] = true
|
190 | } else {
|
191 | options[datum.slice(0, index)] = datum.slice(index + 1)
|
192 | }
|
193 | })
|
194 |
|
195 | options = {
|
196 | memoryCost: log2(+options.m),
|
197 | parallelism: +options.p,
|
198 | timeCost: +options.t
|
199 | }
|
200 | if (version != null) {
|
201 | options.version = version
|
202 | }
|
203 | return options
|
204 | },
|
205 | hash: function (password, options) {
|
206 | return argon2.generateSalt().then(function (salt) {
|
207 | return argon2.hash(password, salt, options)
|
208 | })
|
209 | },
|
210 | verify: function (password, hash) {
|
211 | return argon2.verify(hash, password).then(TRUE_FN, FALSE_FN)
|
212 | }
|
213 | })
|
214 | })(require('argon2'))
|
215 | } catch (_) {}
|
216 |
|
217 |
|
218 |
|
219 | var getHashInfo = (function (HASH_RE) {
|
220 | return function getHashInfo (hash) {
|
221 | var matches = hash.match(HASH_RE)
|
222 | if (!matches) {
|
223 | throw new Error('invalid hash ' + hash)
|
224 | }
|
225 |
|
226 | return {
|
227 | id: matches[1],
|
228 | options: matches[2]
|
229 | }
|
230 | }
|
231 | })(/^\$([^$]+)\$([^$]*)\$/)
|
232 |
|
233 | function getAlgorithmByName (name) {
|
234 | var algo = algorithmsByName[name]
|
235 | if (!algo) {
|
236 | throw new Error('no available algorithm with name ' + name)
|
237 | }
|
238 |
|
239 | return algo
|
240 | }
|
241 |
|
242 | function getAlgorithmFromId (id) {
|
243 | var algo = algorithmsById[id]
|
244 | if (!algo) {
|
245 | throw new Error('no available algorithm with id ' + id)
|
246 | }
|
247 |
|
248 | return algo
|
249 | }
|
250 |
|
251 | function getAlgorithmFromHash (hash) {
|
252 | return getAlgorithmFromId(getHashInfo(hash).id)
|
253 | }
|
254 |
|
255 |
|
256 |
|
257 |
|
258 |
|
259 |
|
260 |
|
261 |
|
262 |
|
263 |
|
264 |
|
265 |
|
266 |
|
267 | function hash (password, algo, options) {
|
268 | algo = getAlgorithmByName(algo || DEFAULT_ALGO)
|
269 |
|
270 | return algo.hash(
|
271 | password,
|
272 | assign(Object.create(null), globalOptions[algo.name], options)
|
273 | )
|
274 | }
|
275 | exports.hash = makeAsyncWrapper(hash)
|
276 |
|
277 |
|
278 |
|
279 |
|
280 |
|
281 |
|
282 |
|
283 |
|
284 |
|
285 |
|
286 | function getInfo (hash) {
|
287 | var info = getHashInfo(hash)
|
288 | var algo = getAlgorithmFromId(info.id)
|
289 | info.algorithm = algo.name
|
290 | info.options = algo.getOptions(hash, info)
|
291 |
|
292 | return info
|
293 | }
|
294 | exports.getInfo = getInfo
|
295 |
|
296 |
|
297 |
|
298 |
|
299 |
|
300 |
|
301 |
|
302 |
|
303 |
|
304 |
|
305 |
|
306 |
|
307 |
|
308 | function needsRehash (hash, algo, options) {
|
309 | var info = getInfo(hash)
|
310 |
|
311 | if (info.algorithm !== (algo || DEFAULT_ALGO)) {
|
312 | return true
|
313 | }
|
314 |
|
315 | var algoNeedsRehash = getAlgorithmFromId(info.id).needsRehash
|
316 | var result = algoNeedsRehash && algoNeedsRehash(hash, info)
|
317 | if (typeof result === 'boolean') {
|
318 | return result
|
319 | }
|
320 |
|
321 | var expected = assign(Object.create(null), globalOptions[info.algorithm], options)
|
322 | var actual = info.options
|
323 |
|
324 | for (var prop in expected) {
|
325 | var value = expected[prop]
|
326 | if (
|
327 | typeof value === 'number' &&
|
328 | !(value <= actual[prop])
|
329 | ) {
|
330 | return true
|
331 | }
|
332 | }
|
333 |
|
334 | return false
|
335 | }
|
336 | exports.needsRehash = needsRehash
|
337 |
|
338 |
|
339 |
|
340 |
|
341 |
|
342 |
|
343 |
|
344 |
|
345 |
|
346 |
|
347 | function verify (password, hash) {
|
348 | return getAlgorithmFromHash(hash).verify(password, hash)
|
349 | }
|
350 | exports.verify = makeAsyncWrapper(verify)
|