Fix: fix #26

No response is still a response
UniqueStudio · Mar 28, 2021 · f3ec0ee · f3ec0ee
1 parent 5745bf2
commit f3ec0ee
Showing 1 changed file with 3 additions and 26 deletions.
diff --git a/packages/backend/src/utils/scrypt.ts b/packages/backend/src/utils/scrypt.ts
@@ -6,43 +6,20 @@ interface ScryptResult {
 }
 
 export const hash = (password: string) => new Promise<ScryptResult>((resolve, reject) => {
-    /*
-     * As the matter of fact, if `salt` is base64-encoded before it's passed to `scrypt`,
-     * `scrypt` will treat it as a (UTF-8) string and convert it to a buffer whose length is longer than 16.
-     * It works, although not as intended.
-     * The correct implementation is:
-     * ```js
-     * // hash
-     * const salt = randomBytes(16);
-     * scrypt(password, salt, 64, (err, derivedKey) => {
-     *     // ...
-     *     return resolve({
-     *         salt: salt.toString('base64');
-     *         hash: derivedKey.toString('base64'),
-     *     });
-     * }
-     * // verify
-     * scrypt(password, Buffer.from(salt, 'base64'), 64, (err, derivedKey) => {
-     *     // ...
-     * }
-     * ```
-     * For backward compatibility, we have to adapt to the mistake.
-     */
-    const salt = randomBytes(16).toString('base64');
-
+    const salt = randomBytes(16);
     scrypt(password, salt, 64, (err, derivedKey) => {
         if (err) {
             return reject(err);
         }
         return resolve({
-            salt,
+            salt: salt.toString('base64'),
             hash: derivedKey.toString('base64'),
         });
     });
 });
 
 export const verify = (hash: string, salt: string, password: string) => new Promise<boolean>((resolve, reject) => {
-    scrypt(password, salt, 64, (err, derivedKey) => {
+    scrypt(password, Buffer.from(salt, 'base64'), 64, (err, derivedKey) => {
         if (err) {
             return reject(err);
         }