113 lines
3.3 KiB
JavaScript
113 lines
3.3 KiB
JavaScript
import bcrypt from 'bcryptjs';
|
|
import crypto from 'crypto';
|
|
|
|
/**
|
|
* Hashuje heslo pomocou bcrypt
|
|
* @param {string} password - Plain text heslo
|
|
* @returns {Promise<string>} Hashované heslo
|
|
*/
|
|
export const hashPassword = async (password) => {
|
|
const rounds = parseInt(process.env.BCRYPT_ROUNDS) || 12;
|
|
return bcrypt.hash(password, rounds);
|
|
};
|
|
|
|
/**
|
|
* Porovná plain text heslo s hash
|
|
* @param {string} password - Plain text heslo
|
|
* @param {string} hash - Hashované heslo
|
|
* @returns {Promise<boolean>} True ak sa zhodujú
|
|
*/
|
|
export const comparePassword = async (password, hash) => {
|
|
return bcrypt.compare(password, hash);
|
|
};
|
|
|
|
/**
|
|
* Generuje náhodné dočasné heslo
|
|
* @param {number} length - Dĺžka hesla (default: 12)
|
|
* @returns {string} Náhodné heslo
|
|
*/
|
|
export const generateTempPassword = (length = 12) => {
|
|
const uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
|
const lowercase = 'abcdefghijklmnopqrstuvwxyz';
|
|
const numbers = '0123456789';
|
|
const special = '!@#$%^&*';
|
|
const all = uppercase + lowercase + numbers + special;
|
|
|
|
let password = '';
|
|
|
|
// Zaručí aspoň jeden znak z každej kategórie
|
|
password += uppercase[Math.floor(Math.random() * uppercase.length)];
|
|
password += lowercase[Math.floor(Math.random() * lowercase.length)];
|
|
password += numbers[Math.floor(Math.random() * numbers.length)];
|
|
password += special[Math.floor(Math.random() * special.length)];
|
|
|
|
// Zvyšok náhodne
|
|
for (let i = password.length; i < length; i++) {
|
|
password += all[Math.floor(Math.random() * all.length)];
|
|
}
|
|
|
|
// Zamieša znaky
|
|
return password
|
|
.split('')
|
|
.sort(() => Math.random() - 0.5)
|
|
.join('');
|
|
};
|
|
|
|
/**
|
|
* Generuje náhodný verification token
|
|
* @returns {string} UUID token
|
|
*/
|
|
export const generateVerificationToken = () => {
|
|
return crypto.randomUUID();
|
|
};
|
|
|
|
/**
|
|
* Encrypt emailPassword using AES-256-GCM
|
|
* @param {string} text - Plain text password
|
|
* @returns {string} Encrypted password in format: iv:authTag:encrypted
|
|
*/
|
|
export const encryptPassword = (text) => {
|
|
if (!process.env.JWT_SECRET) {
|
|
throw new Error('JWT_SECRET environment variable is required for password encryption');
|
|
}
|
|
|
|
const algorithm = 'aes-256-gcm';
|
|
const key = crypto.scryptSync(process.env.JWT_SECRET, 'salt', 32);
|
|
const iv = crypto.randomBytes(16);
|
|
|
|
const cipher = crypto.createCipheriv(algorithm, key, iv);
|
|
let encrypted = cipher.update(text, 'utf8', 'hex');
|
|
encrypted += cipher.final('hex');
|
|
|
|
const authTag = cipher.getAuthTag();
|
|
|
|
return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
|
|
};
|
|
|
|
/**
|
|
* Decrypt emailPassword
|
|
* @param {string} encryptedText - Encrypted password in format: iv:authTag:encrypted
|
|
* @returns {string} Plain text password
|
|
*/
|
|
export const decryptPassword = (encryptedText) => {
|
|
if (!process.env.JWT_SECRET) {
|
|
throw new Error('JWT_SECRET environment variable is required for password decryption');
|
|
}
|
|
|
|
const algorithm = 'aes-256-gcm';
|
|
const key = crypto.scryptSync(process.env.JWT_SECRET, 'salt', 32);
|
|
|
|
const parts = encryptedText.split(':');
|
|
const iv = Buffer.from(parts[0], 'hex');
|
|
const authTag = Buffer.from(parts[1], 'hex');
|
|
const encrypted = parts[2];
|
|
|
|
const decipher = crypto.createDecipheriv(algorithm, key, iv);
|
|
decipher.setAuthTag(authTag);
|
|
|
|
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
|
decrypted += decipher.final('utf8');
|
|
|
|
return decrypted;
|
|
};
|