sodium native imports with types

This commit is contained in:
Ulf Gebhardt 2023-06-06 12:22:09 +02:00
parent 6160492e15
commit 39ead93755
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
2 changed files with 31 additions and 18 deletions


@ -70,6 +70,9 @@ import { communityDbUser } from '@/util/communityUser'
import { hasElopageBuys } from '@/util/hasElopageBuys' import { hasElopageBuys } from '@/util/hasElopageBuys'
import { getTimeDurationObject, printTimeDuration } from '@/util/time' import { getTimeDurationObject, printTimeDuration } from '@/util/time'
// eslint-disable-next-line import/no-relative-parent-imports
import { randombytes_random } from 'sodium-native'
import { FULL_CREATION_AVAILABLE } from './const/const' import { FULL_CREATION_AVAILABLE } from './const/const'
import { getUserCreations } from './util/creations' import { getUserCreations } from './util/creations'
import { findUserByIdentifier } from './util/findUserByIdentifier' import { findUserByIdentifier } from './util/findUserByIdentifier'
@ -77,8 +80,6 @@ import { validateAlias } from './util/validateAlias'
// eslint-disable-next-line @typescript-eslint/no-var-requires, import/no-commonjs // eslint-disable-next-line @typescript-eslint/no-var-requires, import/no-commonjs
const random = require('random-bigint') const random = require('random-bigint')
// eslint-disable-next-line @typescript-eslint/no-var-requires, import/no-commonjs
const sodium = require('sodium-native')
const LANGUAGES = ['de', 'en', 'es', 'fr', 'nl'] const LANGUAGES = ['de', 'en', 'es', 'fr', 'nl']
const DEFAULT_LANGUAGE = 'de' const DEFAULT_LANGUAGE = 'de'
@ -237,7 +238,7 @@ export class UserResolver {
// TODO: this is unsecure, but the current implementation of the login server. This way it can be queried if the user with given EMail is existent. // TODO: this is unsecure, but the current implementation of the login server. This way it can be queried if the user with given EMail is existent.
const user = new User(communityDbUser) const user = new User(communityDbUser)
user.id = sodium.randombytes_random() % (2048 * 16) // TODO: for a better faking derive id from email so that it will be always the same id when the same email comes in? user.id = randombytes_random() % (2048 * 16) // TODO: for a better faking derive id from email so that it will be always the same id when the same email comes in?
user.gradidoID = uuidv4() user.gradidoID = uuidv4()
user.firstName = firstName user.firstName = firstName
user.lastName = lastName user.lastName = lastName
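Review bot: The `// eslint-disable-next-line import/no-relative-parent-imports` comment added above `import { randombytes_random } from 'sodium-native'` names a rule that concerns `../` specifiers, so on a bare package import it reads as the wrong rule being silenced; the same comment is also placed inside the import braces in the second file, where it applies to the closing `} from 'sodium-native'` line. If the rule genuinely fires here (the project's resolver config may be the cause), a short reason next to the disable would help, e.g. `// eslint-disable-next-line import/no-relative-parent-imports -- <reason placeholder>`; otherwise the comment should go. The remaining `require('random-bigint')` keeps its no-var-requires disable, presumably because that package ships no typings — a one-line comment saying so would stop the next reader from converting it to an import as was done for sodium-native. The `user.id = randombytes_random() % (2048 * 16)` line belongs to a UserResolver method whose body starts and ends outside the hunk.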


@ -10,8 +10,20 @@ import { CONFIG } from '@/config'
import { LogError } from '@/server/LogError' import { LogError } from '@/server/LogError'
import { backendLogger as logger } from '@/server/logger' import { backendLogger as logger } from '@/server/logger'
// eslint-disable-next-line @typescript-eslint/no-var-requires, import/no-commonjs import {
const sodium = require('sodium-native') crypto_shorthash_KEYBYTES,
crypto_box_SEEDBYTES,
crypto_hash_sha512_init,
crypto_hash_sha512_update,
crypto_hash_sha512_final,
crypto_hash_sha512_BYTES,
crypto_hash_sha512_STATEBYTES,
crypto_shorthash_BYTES,
crypto_pwhash_SALTBYTES,
crypto_pwhash,
crypto_shorthash,
// eslint-disable-next-line import/no-relative-parent-imports
} from 'sodium-native'
// We will reuse this for changePassword // We will reuse this for changePassword
export const isValidPassword = (password: string): boolean => { export const isValidPassword = (password: string): boolean => {
@ -22,36 +34,36 @@ export const SecretKeyCryptographyCreateKey = (salt: string, password: string):
logger.trace('SecretKeyCryptographyCreateKey...') logger.trace('SecretKeyCryptographyCreateKey...')
const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex') const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex')
const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex') const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex')
if (configLoginServerKey.length !== sodium.crypto_shorthash_KEYBYTES) { if (configLoginServerKey.length !== crypto_shorthash_KEYBYTES) {
throw new LogError( throw new LogError(
'ServerKey has an invalid size', 'ServerKey has an invalid size',
configLoginServerKey.length, configLoginServerKey.length,
sodium.crypto_shorthash_KEYBYTES, crypto_shorthash_KEYBYTES,
) )
} }
const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES) const state = Buffer.alloc(crypto_hash_sha512_STATEBYTES)
sodium.crypto_hash_sha512_init(state) crypto_hash_sha512_init(state)
sodium.crypto_hash_sha512_update(state, Buffer.from(salt)) crypto_hash_sha512_update(state, Buffer.from(salt))
sodium.crypto_hash_sha512_update(state, configLoginAppSecret) crypto_hash_sha512_update(state, configLoginAppSecret)
const hash = Buffer.alloc(sodium.crypto_hash_sha512_BYTES) const hash = Buffer.alloc(crypto_hash_sha512_BYTES)
sodium.crypto_hash_sha512_final(state, hash) crypto_hash_sha512_final(state, hash)
const encryptionKey = Buffer.alloc(sodium.crypto_box_SEEDBYTES) const encryptionKey = Buffer.alloc(crypto_box_SEEDBYTES)
const opsLimit = 10 const opsLimit = 10
const memLimit = 33554432 const memLimit = 33554432
const algo = 2 const algo = 2
sodium.crypto_pwhash( crypto_pwhash(
encryptionKey, encryptionKey,
Buffer.from(password), Buffer.from(password),
hash.slice(0, sodium.crypto_pwhash_SALTBYTES), hash.slice(0, crypto_pwhash_SALTBYTES),
opsLimit, opsLimit,
memLimit, memLimit,
algo, algo,
) )
const encryptionKeyHash = Buffer.alloc(sodium.crypto_shorthash_BYTES) const encryptionKeyHash = Buffer.alloc(crypto_shorthash_BYTES)
sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey) crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
return [encryptionKeyHash, encryptionKey] return [encryptionKeyHash, encryptionKey]
} }
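Review bot: `const algo = 2` passed to `crypto_pwhash` is still a bare magic number even though the module is now imported with types; `const algo = crypto_pwhash_ALG_ARGON2ID13` (with that constant added to the import list) would make the Argon2id choice explicit without changing the derived key, since libsodium defines that constant as 2. `opsLimit = 10` and `memLimit = 33554432` match none of libsodium's named OPSLIMIT/MEMLIMIT presets, so they look deliberate; a comment such as `// opsLimit/memLimit/algo are part of the key-derivation contract: changing them changes every derived key, so values derived earlier would no longer match` would keep a later reader from "tuning" them. `hash.slice(0, crypto_pwhash_SALTBYTES)` still uses the deprecated `Buffer.slice`; `hash.subarray(0, crypto_pwhash_SALTBYTES)` behaves identically here. The function's signature sits in the hunk header, so SecretKeyCryptographyCreateKey starts outside the hunk.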