igm/publisher-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add utils package with Web Crypto password hashing

Browse Source 
- Create @reviq/utils package with PBKDF2-SHA256 password hashing
  compatible with Cloudflare Workers (uses crypto.subtle)
- Update api-server and CLI to use new utils package for consistent
  password hashing format across the codebase
- Add pino logging to api-server for better request debugging
- Make login request tokens cryptographically secure base58 strings
  instead of database IDs
- Add migration to make login_requests.token non-nullable with unique
  constraint
- Fix RPCLink URL construction for client-side API calls
- Add db:codegen script to root package.json

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
RevIQ
2026-01-09 18:12:33 +08:00
parent cee700f063
commit c1afc39062
25 changed files with 512 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/cli/src/routes/bootstrap.ts
View File

@@ -1,8 +1,8 @@
import type { LocalContext } from "../context.js";
import { createDb } from "@reviq/db";
import { hashPassword } from "@reviq/utils";
import { buildCommand } from "@stricli/core";
import { writeConfig } from "../utils/config.js";
import { hashPassword } from "../utils/password.js";
import { generateToken, hashToken } from "../utils/token.js";
interface BootstrapFlags {
@@ -40,7 +40,7 @@ async function bootstrap(
}
// Hash the password
const passwordHash = hashPassword(flags.password);
const passwordHash = await hashPassword(flags.password);
// Create superuser
const [user] = await db

22
apps/cli/src/utils/password.ts
View File

@@ -1,22 +0,0 @@
/**
* Password hashing utilities using scrypt from @noble/hashes
*/
import { scrypt as nobleScrypt } from "@noble/hashes/scrypt.js";
import { randomBytes } from "@noble/hashes/utils.js";
// scrypt parameters: N=2^17, r=8, p=1, dkLen=32
const N = 131072;
const r = 8;
const p = 1;
const dkLen = 32;
/**
* Hash a password using scrypt
* Format: scrypt$17$8$1$<salt-base64>$<hash-base64>
*/
export const hashPassword = (password: string): string => {
const salt = randomBytes(16);
const hash = nobleScrypt(password, salt, { N, r, p, dkLen });
return `scrypt$17$8$1$${Buffer.from(salt).toString("base64")}$${Buffer.from(hash).toString("base64")}`;
};