umami/lib/crypto.js

import crypto from 'crypto';
import { v4, v5, validate } from 'uuid';
import bcrypt from 'bcrypt';
import { JWT, JWE, JWK } from 'jose';

const SALT_ROUNDS = 10;
const KEY = JWK.asKey(Buffer.from(secret()));

export function hash(...args) {
  return crypto.createHash('sha512').update(args.join('')).digest('hex');
}

export function secret() {
  return hash(process.env.HASH_SALT);
}

export function uuid(...args) {
  if (!args.length) return v4();

  return v5(args.join(''), v5.DNS);
}

export function isValidId(s) {
  return validate(s);
}

export async function hashPassword(password) {
  return bcrypt.hash(password, SALT_ROUNDS);
}

export async function checkPassword(password, hash) {
  return bcrypt.compare(password, hash);
}

export async function createToken(payload) {
  return JWT.sign(payload, KEY);
}

export async function parseToken(token) {
  try {
    return JWT.verify(token, KEY);
  } catch {
    return null;
  }
}

export async function createSecureToken(payload) {
  return JWE.encrypt(await createToken(payload), KEY);
}

export async function parseSecureToken(token) {
  try {
    const result = await JWE.decrypt(token, KEY);

    return parseToken(result.toString());
  } catch {
    return null;
  }
}
Cookie authentication. 2020-07-23 00:46:05 +02:00			`import crypto from 'crypto';`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`import { v4, v5, validate } from 'uuid';`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`import bcrypt from 'bcrypt';`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`import { JWT, JWE, JWK } from 'jose';`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Account settings page. 2020-08-09 08:48:43 +02:00			`const SALT_ROUNDS = 10;`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`const KEY = JWK.asKey(Buffer.from(secret()));`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Accounts and login. 2020-07-24 04:56:55 +02:00			`export function hash(...args) {`
			`return crypto.createHash('sha512').update(args.join('')).digest('hex');`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`}`

			`export function secret() {`
Accounts and login. 2020-07-24 04:56:55 +02:00			`return hash(process.env.HASH_SALT);`
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`}`
Cookie authentication. 2020-07-23 00:46:05 +02:00
Switch to json web tokens. 2020-07-23 05:45:09 +02:00			`export function uuid(...args) {`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`if (!args.length) return v4();`

Added tracking code form. 2020-08-08 05:36:57 +02:00			`return v5(args.join(''), v5.DNS);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Accounts and login. 2020-07-24 04:56:55 +02:00			`export function isValidId(s) {`
Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`return validate(s);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`export async function hashPassword(password) {`
Account settings page. 2020-08-09 08:48:43 +02:00			`return bcrypt.hash(password, SALT_ROUNDS);`
			`}`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`export async function checkPassword(password, hash) {`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`return bcrypt.compare(password, hash);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`export async function createToken(payload) {`
			`return JWT.sign(payload, KEY);`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`

Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`export async function parseToken(token) {`
			`try {`
			`return JWT.verify(token, KEY);`
			`} catch {`
			`return null;`
			`}`
Changed JWT implementation. 2020-07-23 06:33:17 +02:00			`}`

			`export async function createSecureToken(payload) {`
			`return JWE.encrypt(await createToken(payload), KEY);`
			`}`

Handle website delete. Added response helper functions. 2020-08-08 02:19:42 +02:00			`export async function parseSecureToken(token) {`
			`try {`
			`const result = await JWE.decrypt(token, KEY);`

			`return parseToken(result.toString());`
			`} catch {`
			`return null;`
			`}`
Cookie authentication. 2020-07-23 00:46:05 +02:00			`}`