umami/lib/crypto.js

import crypto from 'crypto';
import { v4, v5, validate } from 'uuid';
import bcrypt from 'bcryptjs';
import { JWT, JWE, JWK } from 'jose';
import { startOfMonth } from 'date-fns';

const SALT_ROUNDS = 10;
const KEY = JWK.asKey(Buffer.from(secret()));
const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());
const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

export function hash(...args) {
  return crypto.createHash('sha512').update(args.join('')).digest('hex');
}

export function secret() {
  return hash(process.env.HASH_SALT);
}

export function salt() {
  return v5([secret(), ROTATING_SALT].join(''), v5.DNS);
}

export function uuid(...args) {
  if (!args.length) return v4();

  return v5(args.join(''), salt());
}

export function isValidUuid(s) {
  return validate(s);
}

export function getRandomChars(n) {
  let s = '';
  for (let i = 0; i < n; i++) {
    s += CHARS[Math.floor(Math.random() * CHARS.length)];
  }
  return s;
}

export function hashPassword(password) {
  return bcrypt.hashSync(password, SALT_ROUNDS);
}

export function checkPassword(password, hash) {
  return bcrypt.compareSync(password, hash);
}

export async function createToken(payload) {
  return JWT.sign(payload, KEY);
}

export async function parseToken(token) {
  try {
    return JWT.verify(token, KEY);
  } catch {
    return null;
  }
}

export async function createSecureToken(payload) {
  return JWE.encrypt(await createToken(payload), KEY);
}

export async function parseSecureToken(token) {
  try {
    const result = await JWE.decrypt(token, KEY);

    return parseToken(result.toString());
  } catch {
    return null;
  }
}
Cookie authentication. 2020-07-23 00:46:05 +02:00			`import crypto from 'crypto';`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`import { v4, v5, validate } from 'uuid';`
Swap bcrypt library. 2021-04-28 11:45:38 +02:00			`import bcrypt from 'bcryptjs';`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`import { JWT, JWE, JWK } from 'jose';`
Implement rotating salt. 2020-08-21 04:38:20 +02:00			`import { startOfMonth } from 'date-fns';`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Account settings page. 2020-08-09 08:48:43 +02:00			`const SALT_ROUNDS = 10;`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`const KEY = JWK.asKey(Buffer.from(secret()));`
Implement rotating salt. 2020-08-21 04:38:20 +02:00			`const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());`
Enable public website sharing. 2020-08-15 10:17:15 +02:00			`const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Accounts and login. 2020-07-24 04:56:55 +02:00			`export function hash(...args) {`
			`return crypto.createHash('sha512').update(args.join('')).digest('hex');`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`}`

			`export function secret() {`
Accounts and login. 2020-07-24 04:56:55 +02:00			`return hash(process.env.HASH_SALT);`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`}`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Implement rotating salt. 2020-08-21 04:38:20 +02:00			`export function salt() {`
			`return v5([secret(), ROTATING_SALT].join(''), v5.DNS);`
			`}`

Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`export function uuid(...args) {`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`if (!args.length) return v4();`

Implement rotating salt. 2020-08-21 04:38:20 +02:00			`return v5(args.join(''), salt());`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Use token authentication for API requests. 2020-09-18 07:52:20 +02:00			`export function isValidUuid(s) {`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`return validate(s);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Enable public website sharing. 2020-08-15 10:17:15 +02:00			`export function getRandomChars(n) {`
			`let s = '';`
			`for (let i = 0; i < n; i++) {`
			`s += CHARS[Math.floor(Math.random() * CHARS.length)];`
			`}`
			`return s;`
			`}`

Change to synchronous password hashing. 2021-05-24 02:29:27 +02:00			`export function hashPassword(password) {`
Swap bcrypt library. 2021-04-28 11:45:38 +02:00			`return bcrypt.hashSync(password, SALT_ROUNDS);`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`

Change to synchronous password hashing. 2021-05-24 02:29:27 +02:00			`export function checkPassword(password, hash) {`
Swap bcrypt library. 2021-04-28 11:45:38 +02:00			`return bcrypt.compareSync(password, hash);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`export async function createToken(payload) {`
			`return JWT.sign(payload, KEY);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`export async function parseToken(token) {`
			`try {`
			`return JWT.verify(token, KEY);`
			`} catch {`
			`return null;`
			`}`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`}`

			`export async function createSecureToken(payload) {`
			`return JWE.encrypt(await createToken(payload), KEY);`
			`}`

Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`export async function parseSecureToken(token) {`
			`try {`
			`const result = await JWE.decrypt(token, KEY);`

			`return parseToken(result.toString());`
			`} catch {`
			`return null;`
			`}`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`