1
0
Fork 0

fix cipher issues

refactor/models
Matthew 2019-11-16 23:40:32 -05:00
parent e44da74a0f
commit 6fba087b2d
No known key found for this signature in database
GPG Key ID: 766BE43AE75F7559
1 changed files with 5 additions and 2 deletions

View File

@ -26,13 +26,14 @@ export default class Security {
* @param _id The Mongoose Document property labeled ._id * @param _id The Mongoose Document property labeled ._id
*/ */
public async createBearer(_id: string): Promise<string> { public async createBearer(_id: string): Promise<string> {
const account = await this.client.db.Account.findOne({ _id }); let account = await this.client.db.Account.findOne({ _id });
if (!account) throw new Error(`Account [${_id}] cannot be found.`); if (!account) throw new Error(`Account [${_id}] cannot be found.`);
const salt = crypto.randomBytes(50).toString('base64'); const salt = crypto.randomBytes(50).toString('base64');
const cipher = crypto.createCipheriv('aes-256-gcm', this.keys.key, this.keys.iv); const cipher = crypto.createCipheriv('aes-256-gcm', this.keys.key, this.keys.iv);
await account.updateOne({ salt });
account = await this.client.db.Account.findOne({ _id });
let encrypted = cipher.update(JSON.stringify(account), 'utf8', 'base64'); let encrypted = cipher.update(JSON.stringify(account), 'utf8', 'base64');
encrypted += cipher.final('base64'); encrypted += cipher.final('base64');
await account.updateOne({ salt });
return `${salt}:${encrypted}`; return `${salt}:${encrypted}`;
} }
@ -47,6 +48,8 @@ export default class Security {
const json = JSON.parse(decrypted); const json = JSON.parse(decrypted);
const account = await this.client.db.Account.findOne({ username: json.username }); const account = await this.client.db.Account.findOne({ username: json.username });
if (account._id !== saltCheck._id) return null; if (account._id !== saltCheck._id) return null;
this.client.signale.debug(account);
this.client.signale.debug(saltCheck);
return account; return account;
} catch (error) { } catch (error) {
this.client.signale.debug(error); this.client.signale.debug(error);