forked from engineering/cloudservices
fix cipher issues
parent
e44da74a0f
commit
6fba087b2d
|
@ -26,13 +26,14 @@ export default class Security {
|
||||||
* @param _id The Mongoose Document property labeled ._id
|
* @param _id The Mongoose Document property labeled ._id
|
||||||
*/
|
*/
|
||||||
public async createBearer(_id: string): Promise<string> {
|
public async createBearer(_id: string): Promise<string> {
|
||||||
const account = await this.client.db.Account.findOne({ _id });
|
let account = await this.client.db.Account.findOne({ _id });
|
||||||
if (!account) throw new Error(`Account [${_id}] cannot be found.`);
|
if (!account) throw new Error(`Account [${_id}] cannot be found.`);
|
||||||
const salt = crypto.randomBytes(50).toString('base64');
|
const salt = crypto.randomBytes(50).toString('base64');
|
||||||
const cipher = crypto.createCipheriv('aes-256-gcm', this.keys.key, this.keys.iv);
|
const cipher = crypto.createCipheriv('aes-256-gcm', this.keys.key, this.keys.iv);
|
||||||
|
await account.updateOne({ salt });
|
||||||
|
account = await this.client.db.Account.findOne({ _id });
|
||||||
let encrypted = cipher.update(JSON.stringify(account), 'utf8', 'base64');
|
let encrypted = cipher.update(JSON.stringify(account), 'utf8', 'base64');
|
||||||
encrypted += cipher.final('base64');
|
encrypted += cipher.final('base64');
|
||||||
await account.updateOne({ salt });
|
|
||||||
return `${salt}:${encrypted}`;
|
return `${salt}:${encrypted}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -47,6 +48,8 @@ export default class Security {
|
||||||
const json = JSON.parse(decrypted);
|
const json = JSON.parse(decrypted);
|
||||||
const account = await this.client.db.Account.findOne({ username: json.username });
|
const account = await this.client.db.Account.findOne({ username: json.username });
|
||||||
if (account._id !== saltCheck._id) return null;
|
if (account._id !== saltCheck._id) return null;
|
||||||
|
this.client.signale.debug(account);
|
||||||
|
this.client.signale.debug(saltCheck);
|
||||||
return account;
|
return account;
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
this.client.signale.debug(error);
|
this.client.signale.debug(error);
|
||||||
|
|
Loading…
Reference in New Issue