initialize git, basic setup for crm

src/utils/password.js

@@ -0,0 +1,104 @@
+import bcrypt from 'bcryptjs';
+import crypto from 'crypto';
+
+/**
+ * Hashuje heslo pomocou bcrypt
+ * @param {string} password - Plain text heslo
+ * @returns {Promise<string>} Hashované heslo
+ */
+export const hashPassword = async (password) => {
+  const rounds = parseInt(process.env.BCRYPT_ROUNDS) || 12;
+  return bcrypt.hash(password, rounds);
+};
+
+/**
+ * Porovná plain text heslo s hash
+ * @param {string} password - Plain text heslo
+ * @param {string} hash - Hashované heslo
+ * @returns {Promise<boolean>} True ak sa zhodujú
+ */
+export const comparePassword = async (password, hash) => {
+  return bcrypt.compare(password, hash);
+};
+
+/**
+ * Generuje náhodné dočasné heslo
+ * @param {number} length - Dĺžka hesla (default: 12)
+ * @returns {string} Náhodné heslo
+ */
+export const generateTempPassword = (length = 12) => {
+  const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+  const lowercase = 'abcdefghijklmnopqrstuvwxyz';
+  const numbers = '0123456789';
+  const special = '!@#$%^&*';
+  const all = uppercase + lowercase + numbers + special;
+
+  let password = '';
+
+  // Zaručí aspoň jeden znak z každej kategórie
+  password += uppercase[Math.floor(Math.random() * uppercase.length)];
+  password += lowercase[Math.floor(Math.random() * lowercase.length)];
+  password += numbers[Math.floor(Math.random() * numbers.length)];
+  password += special[Math.floor(Math.random() * special.length)];
+
+  // Zvyšok náhodne
+  for (let i = password.length; i < length; i++) {
+    password += all[Math.floor(Math.random() * all.length)];
+  }
+
+  // Zamieša znaky
+  return password
+    .split('')
+    .sort(() => Math.random() - 0.5)
+    .join('');
+};
+
+/**
+ * Generuje náhodný verification token
+ * @returns {string} UUID token
+ */
+export const generateVerificationToken = () => {
+  return crypto.randomUUID();
+};
+
+/**
+ * Encrypt emailPassword using AES-256-GCM
+ * @param {string} text - Plain text password
+ * @returns {string} Encrypted password in format: iv:authTag:encrypted
+ */
+export const encryptPassword = (text) => {
+  const algorithm = 'aes-256-gcm';
+  const key = crypto.scryptSync(process.env.JWT_SECRET || 'default-secret', 'salt', 32);
+  const iv = crypto.randomBytes(16);
+
+  const cipher = crypto.createCipheriv(algorithm, key, iv);
+  let encrypted = cipher.update(text, 'utf8', 'hex');
+  encrypted += cipher.final('hex');
+
+  const authTag = cipher.getAuthTag();
+
+  return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+};
+
+/**
+ * Decrypt emailPassword
+ * @param {string} encryptedText - Encrypted password in format: iv:authTag:encrypted
+ * @returns {string} Plain text password
+ */
+export const decryptPassword = (encryptedText) => {
+  const algorithm = 'aes-256-gcm';
+  const key = crypto.scryptSync(process.env.JWT_SECRET || 'default-secret', 'salt', 32);
+
+  const parts = encryptedText.split(':');
+  const iv = Buffer.from(parts[0], 'hex');
+  const authTag = Buffer.from(parts[1], 'hex');
+  const encrypted = parts[2];
+
+  const decipher = crypto.createDecipheriv(algorithm, key, iv);
+  decipher.setAuthTag(authTag);
+
+  let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+  decrypted += decipher.final('utf8');
+
+  return decrypted;
+};