init app

2026-06-02 10:23:09 +03:00
parent e08d555b23
commit 0c87eaef46
136 changed files with 16069 additions and 94 deletions
--- a/lib/crypto.ts
+++ b/lib/crypto.ts
@@ -0,0 +1,115 @@
+import crypto from "node:crypto";
+
+const PBKDF2_ITERATIONS = 100_000;
+const PBKDF2_KEYLEN = 32;
+const PBKDF2_DIGEST = "sha512";
+const SALT_BYTES = 32;
+
+/**
+ * Hash a password using pbkdf2 with a random salt.
+ * Returns `salt:hash` in hex.
+ */
+export async function hashPassword(password: string): Promise<string> {
+  const salt = crypto.randomBytes(SALT_BYTES).toString("hex");
+
+  return new Promise((resolve, reject) => {
+    crypto.pbkdf2(
+      password,
+      salt,
+      PBKDF2_ITERATIONS,
+      PBKDF2_KEYLEN,
+      PBKDF2_DIGEST,
+      (err, derivedKey) => {
+        if (err) return reject(err);
+        resolve(`${salt}:${derivedKey.toString("hex")}`);
+      },
+    );
+  });
+}
+
+/**
+ * Verify a password against a stored `salt:hash` string.
+ * Uses timing-safe comparison.
+ */
+export async function verifyPassword(
+  password: string,
+  stored: string,
+): Promise<boolean> {
+  const [salt, originalHash] = stored.split(":");
+  if (!salt || !originalHash) return false;
+
+  return new Promise((resolve, reject) => {
+    crypto.pbkdf2(
+      password,
+      salt,
+      PBKDF2_ITERATIONS,
+      PBKDF2_KEYLEN,
+      PBKDF2_DIGEST,
+      (err, derivedKey) => {
+        if (err) return reject(err);
+
+        const hashBuf = Buffer.from(originalHash, "hex");
+        if (hashBuf.length !== derivedKey.length) {
+          resolve(false);
+          return;
+        }
+
+        resolve(crypto.timingSafeEqual(hashBuf, derivedKey));
+      },
+    );
+  });
+}
+
+/**
+ * Generate a random hex token.
+ */
+export function generateToken(bytes: number = 32): string {
+  return crypto.randomBytes(bytes).toString("hex");
+}
+
+/**
+ * Encrypt a session ID using AES-256-GCM.
+ * SESSION_SECRET must be a hex-encoded 32-byte key.
+ * Returns `iv:authTag:ciphertext` in hex.
+ */
+export function encryptSessionId(sessionId: string): string {
+  const key = Buffer.from(process.env.SESSION_SECRET!, "hex");
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+
+  const encrypted = Buffer.concat([
+    cipher.update(sessionId, "utf8"),
+    cipher.final(),
+  ]);
+  const authTag = cipher.getAuthTag();
+
+  return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted.toString("hex")}`;
+}
+
+/**
+ * Decrypt a session ID encrypted with encryptSessionId.
+ * Returns null on any error.
+ */
+export function decryptSessionId(encrypted: string): string | null {
+  try {
+    const key = Buffer.from(process.env.SESSION_SECRET!, "hex");
+    const [ivHex, authTagHex, ciphertextHex] = encrypted.split(":");
+    if (!ivHex || !authTagHex || !ciphertextHex) return null;
+
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+    const ciphertext = Buffer.from(ciphertextHex, "hex");
+
+    const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+    decipher.setAuthTag(authTag);
+
+    const decrypted = Buffer.concat([
+      decipher.update(ciphertext),
+      decipher.final(),
+    ]);
+
+    return decrypted.toString("utf8");
+  } catch {
+    return null;
+  }
+}