fix: update password verification to support legacy client hashes

shuaiplus
2026-05-23 23:07:10 +08:00
parent 03f7fbf601
commit a75955ca6d
+2 -2
@@ -155,10 +155,10 @@ export class AuthService {
return SERVER_HASH_PREFIX + btoa(binary);
}
// Verify password: hash the input the same way, then constant-time compare.
// Verify password: new rows use server-side hashing; legacy rows store the raw client hash.
async verifyPassword(inputHash: string, storedHash: string, email: string): Promise<boolean> {
if (!storedHash.startsWith(SERVER_HASH_PREFIX)) {
return false;
return this.constantTimeEquals(inputHash, storedHash);
}
const serverHash = await this.hashPasswordServer(inputHash, email);
return this.constantTimeEquals(serverHash, storedHash);
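Review bot: The legacy branch at `return this.constantTimeEquals(inputHash, storedHash);` now accepts any row whose stored value lacks SERVER_HASH_PREFIX, so an empty or placeholder `storedHash` is compared directly against client input; whether an empty input would then match depends on constantTimeEquals, which is not visible here. A guard ahead of the prefix check, `if (!inputHash || !storedHash) return false;`, closes that case. Legacy rows also hold a password-equivalent value at rest, since the stored string is exactly what the client submits, so the branch deserves a comment such as `// Legacy row: stored value is password-equivalent; re-hash with hashPasswordServer after a successful login.` and a follow-up in the caller to migrate the row. verifyPassword's closing brace lies outside the hunk.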