fix: update password verification to support legacy client hashes

This commit is contained in:
shuaiplus
2026-05-23 23:07:10 +08:00
parent 03f7fbf601
commit a75955ca6d
+2 -2
@@ -155,10 +155,10 @@ export class AuthService {
return SERVER_HASH_PREFIX + btoa(binary); return SERVER_HASH_PREFIX + btoa(binary);
} }
// Verify password: hash the input the same way, then constant-time compare. // Verify password: new rows use server-side hashing; legacy rows store the raw client hash.
async verifyPassword(inputHash: string, storedHash: string, email: string): Promise<boolean> { async verifyPassword(inputHash: string, storedHash: string, email: string): Promise<boolean> {
if (!storedHash.startsWith(SERVER_HASH_PREFIX)) { if (!storedHash.startsWith(SERVER_HASH_PREFIX)) {
return false; return this.constantTimeEquals(inputHash, storedHash);
} }
const serverHash = await this.hashPasswordServer(inputHash, email); const serverHash = await this.hashPasswordServer(inputHash, email);
return this.constantTimeEquals(serverHash, storedHash); return this.constantTimeEquals(serverHash, storedHash);
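Review bot: The legacy branch on the new side of the `return` in the `if (!storedHash.startsWith(SERVER_HASH_PREFIX))` block now compares inputHash directly against any stored value that lacks SERVER_HASH_PREFIX, so an empty or placeholder storedHash is no longer rejected outright as it was by `return false`; if rows without a real hash can exist, guard them first with `if (!storedHash) return false;` ahead of the prefix check. The commit also leaves legacy rows on the raw-client-hash scheme indefinitely, since nothing here re-hashes after a successful legacy match; consider having the caller persist `await this.hashPasswordServer(inputHash, email)` on success so rows migrate, or document why migration happens elsewhere. The updated comment should also say that the legacy path is transitional, e.g. `// Legacy rows (no SERVER_HASH_PREFIX) hold the raw client hash; compare directly until they are re-hashed.` verifyPassword's closing brace is outside the hunk.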