🔐 fix: token not using webcrypto (#4005)

* fix: token * style: auth pages updated `|` color
2025-12-17 00:40:14 +01:00 · 2024-09-11 22:25:14 -04:00 · 2024-09-11 22:25:14 -04:00 · c3dc03b063
commit c3dc03b063
parent aea01f0bc5
6 changed files with 23 additions and 14 deletions
--- a/api/models/inviteUser.js
+++ b/api/models/inviteUser.js
@ -1,6 +1,5 @@
-const crypto = require('crypto');
-const bcrypt = require('bcryptjs');
 const mongoose = require('mongoose');
+const { getRandomValues, hashToken } = require('~/server/utils/crypto');
 const { createToken, findToken } = require('./Token');
 const logger = require('~/config/winston');

@ -18,8 +17,8 @@ const logger = require('~/config/winston');
 */
 const createInvite = async (email) => {
  try {
-    let token = crypto.randomBytes(32).toString('hex');
-    const hash = bcrypt.hashSync(token, 10);
+    const token = await getRandomValues(32);
+    const hash = await hashToken(token);
    const encodedToken = encodeURIComponent(token);

    const fakeUserId = new mongoose.Types.ObjectId();
@ -50,7 +49,7 @@ const createInvite = async (email) => {
 const getInvite = async (encodedToken, email) => {
  try {
    const token = decodeURIComponent(encodedToken);
-    const hash = bcrypt.hashSync(token, 10);
+    const hash = await hashToken(token);
    const invite = await findToken({ token: hash, email });

    if (!invite) {
@ -59,7 +58,7 @@ const getInvite = async (encodedToken, email) => {

    return invite;
  } catch (error) {
-    logger.error('[getInvite] Error getting invite', error);
+    logger.error('[getInvite] Error getting invite:', error);
    return { error: true, message: error.message };
  }
 };
--- a/api/server/utils/crypto.js
+++ b/api/server/utils/crypto.js
@ -102,4 +102,14 @@ async function hashToken(str) {
  return Buffer.from(hashBuffer).toString('hex');
 }

-module.exports = { encrypt, decrypt, encryptV2, decryptV2, hashToken };
+async function getRandomValues(length) {
+  if (!Number.isInteger(length) || length <= 0) {
+    throw new Error('Length must be a positive integer');
+  }
+
+  const randomValues = new Uint8Array(length);
+  webcrypto.getRandomValues(randomValues);
+  return Buffer.from(randomValues).toString('hex');
+}
+
+module.exports = { encrypt, decrypt, encryptV2, decryptV2, hashToken, getRandomValues };
--- a/client/src/components/Auth/LoginForm.tsx
+++ b/client/src/components/Auth/LoginForm.tsx
@ -99,8 +99,8 @@ const LoginForm: React.FC<TLoginFormProps> = ({ onSubmit, startupConfig, error,
              aria-invalid={!!errors.email}
              className="
                webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-                bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
-                "
+                bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
+              "
              placeholder=" "
            />
            <label
@ -134,7 +134,7 @@ const LoginForm: React.FC<TLoginFormProps> = ({ onSubmit, startupConfig, error,
              aria-invalid={!!errors.password}
              className="
                webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-                bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
+                bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
                "
              placeholder=" "
            />
--- a/client/src/components/Auth/Registration.tsx
+++ b/client/src/components/Auth/Registration.tsx
@ -71,7 +71,7 @@ const Registration: React.FC = () => {
          aria-invalid={!!errors[id]}
          className="
            webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-            bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
+            bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
          "
          placeholder=" "
          data-testid={id}
--- a/client/src/components/Auth/RequestPasswordReset.tsx
+++ b/client/src/components/Auth/RequestPasswordReset.tsx
@ -106,7 +106,7 @@ function RequestPasswordReset() {
            aria-invalid={!!errors.email}
            className="
              webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-              bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
+              bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
            "
            placeholder=" "
          />
--- a/client/src/components/Auth/ResetPassword.tsx
+++ b/client/src/components/Auth/ResetPassword.tsx
@ -91,7 +91,7 @@ function ResetPassword() {
            aria-invalid={!!errors.password}
            className="
              webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-              bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
+              bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
           "
            placeholder=" "
          />
@ -126,7 +126,7 @@ function ResetPassword() {
            aria-invalid={!!errors.confirm_password}
            className="
            webkit-dark-styles transition-color peer w-full rounded-2xl border border-border-light
-            bg-surface-primary px-3.5 pb-2.5 pt-3 duration-200 focus:border-green-500 focus:outline-none
+            bg-surface-primary px-3.5 pb-2.5 pt-3 text-text-primary duration-200 focus:border-green-500 focus:outline-none
            "
            placeholder=" "
          />