✨ Add hashing password

Author: hirsch88

package.json

@@ -38,6 +38,7 @@
     }
   ],
   "dependencies": {
+    "@types/bcrypt": "^2.0.0",
     "@types/bluebird": "^3.5.18",
     "@types/body-parser": "^1.16.7",
     "@types/chalk": "^2.2.0",
@@ -55,6 +56,7 @@
     "@types/supertest": "^2.0.4",
     "@types/uuid": "^3.4.3",
     "@types/winston": "^2.3.7",
+    "bcrypt": "^2.0.1",
     "body-parser": "^1.18.2",
     "chalk": "^2.3.0",
     "class-validator": "^0.8.5",

src/api/models/User.ts

@@ -1,12 +1,32 @@
+import * as bcrypt from 'bcrypt';
 import { Exclude } from 'class-transformer';
 import { IsNotEmpty } from 'class-validator';
-import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from 'typeorm';
+import { BeforeInsert, Column, Entity, OneToMany, PrimaryGeneratedColumn } from 'typeorm';
 
 import { Pet } from './Pet';
 
 @Entity()
 export class User {
 
+    public static hashPassword(password: string): Promise<string> {
+        return new Promise((resolve, reject) => {
+            bcrypt.hash(password, 10, (err, hash) => {
+                if (err) {
+                    return reject(err);
+                }
+                resolve(hash);
+            });
+        });
+    }
+
+    public static comparePassword(user: User, password: string): Promise<boolean> {
+        return new Promise((resolve, reject) => {
+            bcrypt.compare(password, user.password, (err, res) => {
+                resolve(res === true);
+            });
+        });
+    }
+
     @PrimaryGeneratedColumn('uuid')
     public id: string;
 
@@ -38,8 +58,9 @@ export class User {
         return `${this.firstName} ${this.lastName} (${this.email})`;
     }
 
-    public toBase64(): string {
-        return Buffer.from(`${this.username}:${this.password}`).toString('base64');
+    @BeforeInsert()
+    public async hashPassword(): Promise<void> {
+        this.password = await User.hashPassword(this.password);
     }
 
 }

src/auth/AuthService.ts

@@ -17,28 +17,32 @@ export class AuthService {
     public parseBasicAuthFromRequest(req: express.Request): { username: string, password: string } {
         const authorization = req.header('authorization');
 
-        // Retrieve the token form the Authorization header
         if (authorization && authorization.split(' ')[0] === 'Basic') {
-            this.log.info('Token provided by the client');
-            const decodedToken = Buffer.from(authorization.split(' ')[1], 'base64').toString('ascii');
-            const username = decodedToken.split(':')[0];
-            const password = decodedToken.split(':')[1];
+            this.log.info('Credentials provided by the client');
+            const decodedBase64 = Buffer.from(authorization.split(' ')[1], 'base64').toString('ascii');
+            const username = decodedBase64.split(':')[0];
+            const password = decodedBase64.split(':')[1];
             if (username && password) {
                 return { username, password };
             }
         }
 
-        this.log.info('No Token provided by the client');
+        this.log.info('No Credentials provided by the client');
         return undefined;
     }
 
-    public async findUserByUsernameAndPassword(username: string, password: string): Promise<User> {
-        return this.userRepository.findOne({
+    public async validateUser(username: string, password: string): Promise<User> {
+        const user = await this.userRepository.findOne({
             where: {
                 username,
-                password,
             },
         });
+
+        if (await User.comparePassword(user, password)) {
+            return user;
+        }
+
+        return undefined;
     }
 
 }

src/auth/authorizationChecker.ts

@@ -22,7 +22,7 @@ export function authorizationChecker(connection: Connection): (action: Action, r
             return false;
         }
 
-        action.request.user = await authService.findUserByUsernameAndPassword(credentials.username, credentials.password);
+        action.request.user = await authService.validateUser(credentials.username, credentials.password);
         if (action.request.user === undefined) {
             log.warn('Invalid credentials given');
             return false;

src/database/seeds/CreateBruce.ts

@@ -1,3 +1,4 @@
+import { hash } from 'bcrypt';
 import { Connection } from 'typeorm';
 
 import { User } from '../../../src/api/models/User';

yarn.lock

@@ -16,6 +16,10 @@
     esutils "^2.0.2"
     js-tokens "^3.0.0"
 
+"@types/bcrypt@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@types/bcrypt/-/bcrypt-2.0.0.tgz#74cccef82026341fd786cf2eb9c912c7f9107c55"
+
 "@types/bluebird@^3.5.18":
   version "3.5.20"
   resolved "https://registry.yarnpkg.com/@types/bluebird/-/bluebird-3.5.20.tgz#f6363172add6f4eabb8cada53ca9af2781e8d6a1"
@@ -703,6 +707,13 @@ bcrypt-pbkdf@^1.0.0:
   dependencies:
     tweetnacl "^0.14.3"
 
+bcrypt@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-2.0.1.tgz#229c5afe09379789f918efe86e5e5b682e509f85"
+  dependencies:
+    nan "2.10.0"
+    node-pre-gyp "0.9.1"
+
 better-assert@~1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/better-assert/-/better-assert-1.0.2.tgz#40866b9e1b9e0b55b481894311e68faffaebc522"
@@ -3564,7 +3575,7 @@ mz@^2.4.0:
     object-assign "^4.0.1"
     thenify-all "^1.0.0"
 
-nan@^2.3.0, nan@^2.9.2:
+nan@2.10.0, nan@^2.3.0, nan@^2.9.2:
   version "2.10.0"
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.10.0.tgz#96d0cd610ebd58d4b4de9cc0c6828cda99c7548f"
 
@@ -3646,36 +3657,36 @@ node-notifier@^5.2.1:
     shellwords "^0.1.1"
     which "^1.3.0"
 
-node-pre-gyp@^0.6.39:
-  version "0.6.39"
-  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.6.39.tgz#c00e96860b23c0e1420ac7befc5044e1d78d8649"
+node-pre-gyp@0.9.1, node-pre-gyp@^0.9.0, node-pre-gyp@~0.9.0:
+  version "0.9.1"
+  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.9.1.tgz#f11c07516dd92f87199dbc7e1838eab7cd56c9e0"
   dependencies:
     detect-libc "^1.0.2"
-    hawk "3.1.3"
     mkdirp "^0.5.1"
+    needle "^2.2.0"
     nopt "^4.0.1"
+    npm-packlist "^1.1.6"
     npmlog "^4.0.2"
     rc "^1.1.7"
-    request "2.81.0"
     rimraf "^2.6.1"
     semver "^5.3.0"
-    tar "^2.2.1"
-    tar-pack "^3.4.0"
+    tar "^4"
 
-node-pre-gyp@^0.9.0, node-pre-gyp@~0.9.0:
-  version "0.9.1"
-  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.9.1.tgz#f11c07516dd92f87199dbc7e1838eab7cd56c9e0"
+node-pre-gyp@^0.6.39:
+  version "0.6.39"
+  resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.6.39.tgz#c00e96860b23c0e1420ac7befc5044e1d78d8649"
   dependencies:
     detect-libc "^1.0.2"
+    hawk "3.1.3"
     mkdirp "^0.5.1"
-    needle "^2.2.0"
     nopt "^4.0.1"
-    npm-packlist "^1.1.6"
     npmlog "^4.0.2"
     rc "^1.1.7"
+    request "2.81.0"
     rimraf "^2.6.1"
     semver "^5.3.0"
-    tar "^4"
+    tar "^2.2.1"
+    tar-pack "^3.4.0"
 
 nodemon@^1.12.1:
   version "1.17.4"