From ff71f26a16edb5a29959af5f4388b6808df4f731 Mon Sep 17 00:00:00 2001 From: Andy Hsu Date: Sun, 6 Aug 2023 22:18:32 +0800 Subject: [PATCH] perf: hash password for login --- package.json | 1 + pnpm-lock.yaml | 26 ++++++++++++++++++++++++++ src/pages/login/index.tsx | 7 ++++--- src/utils/hash.ts | 7 +++++++ src/utils/index.ts | 1 + 5 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 src/utils/hash.ts diff --git a/package.json b/package.json index fc018884f..085a0eeea 100644 --- a/package.json +++ b/package.json @@ -71,6 +71,7 @@ "remark-gfm": "^3.0.1", "remark-math": "^5.1.1", "seemly": "^0.3.6", + "sha-anything": "^0.0.4", "solid-contextmenu": "0.0.2", "solid-icons": "^1.0.1", "solid-js": "^1.4.8", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ded07427b..4c151bdcb 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -71,6 +71,9 @@ dependencies: seemly: specifier: ^0.3.6 version: 0.3.6 + sha-anything: + specifier: ^0.0.4 + version: 0.0.4 solid-contextmenu: specifier: 0.0.2 version: 0.0.2(solid-js@1.4.8)(solid-transition-group@0.0.12) @@ -1037,6 +1040,11 @@ packages: which: 2.0.2 dev: true + /crypto-hash@2.0.1: + resolution: {integrity: sha512-t4mkp7Vh6MuCZRBf0XLzBOfhkH3nW6YEAotMDSjshVQ1GffCMGdPLSr7pKH0rdXY02jTjAZ7QW2apD0buaZXcQ==} + engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + dev: false + /css-select@4.3.0: resolution: {integrity: sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==} dependencies: @@ -1387,6 +1395,10 @@ packages: resolution: {integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==} dev: false + /fast-sort@3.4.0: + resolution: {integrity: sha512-c/cMBGA5mH3OYjaXedtLIM3hQjv+KuZuiD2QEH5GofNOZeQVDIYIN7Okc2AW1KPhk44g5PTZnXp8t2lOMl8qhQ==} + dev: false + /fd-slicer@1.1.0: resolution: {integrity: sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==} dependencies: @@ -1695,6 +1707,11 @@ packages: engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} dev: true + /is-what@4.1.15: + resolution: {integrity: sha512-uKua1wfy3Yt+YqsD6mTUEa2zSi3G1oPlqTflgaPJ7z63vUGN5pxFpnQfeSLMFnJDEsdvOtkp1rUWkYjB4YfhgA==} + engines: {node: '>=12.13'} + dev: false + /is-what@4.1.7: resolution: {integrity: sha512-DBVOQNiPKnGMxRMLIYSwERAS5MVY1B7xYiGnpgctsOFvVDz9f9PFXXxMcTOHuoqYp4NK9qFYQaIC1NRRxLMpBQ==} engines: {node: '>=12.13'} @@ -2608,6 +2625,15 @@ packages: hasBin: true dev: true + /sha-anything@0.0.4: + resolution: {integrity: sha512-g7KCmHJ016M+QHjHeXR6Sx1E6fzAr17zz1oWt1eCxztqTj4MiQz3I7vrSz6hTsJp80ZRAZVDqaFbA/hmEyVYtg==} + engines: {node: '>=12.13'} + dependencies: + crypto-hash: 2.0.1 + fast-sort: 3.4.0 + is-what: 4.1.15 + dev: false + /shebang-command@2.0.0: resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==, tarball: https://registry.npm.taobao.org/shebang-command/-/shebang-command-2.0.0.tgz} engines: {node: '>=8'} diff --git a/src/pages/login/index.tsx b/src/pages/login/index.tsx index 8a2b33d5d..c7920f62b 100644 --- a/src/pages/login/index.tsx +++ b/src/pages/login/index.tsx @@ -20,6 +20,7 @@ import { notify, handleRespWithoutNotify, base_path, + hashPwd, } from "~/utils" import { Resp } from "~/types" import LoginBg from "./LoginBg" @@ -45,10 +46,10 @@ const Login = () => { const [opt, setOpt] = createSignal("") const [remember, setRemember] = createStorageSignal("remember-pwd", "false") const [loading, data] = useFetch( - (): Promise> => - r.post("/auth/login", { + async (): Promise> => + r.post("/auth/login/hash", { username: username(), - password: password(), + password: await hashPwd(password()), otp_code: opt(), }), ) diff --git a/src/utils/hash.ts b/src/utils/hash.ts new file mode 100644 index 000000000..bd29a0998 --- /dev/null +++ b/src/utils/hash.ts @@ -0,0 +1,7 @@ +import { sha256 } from "sha-anything" + +const hash_salt = "https://github.com/alist-org/alist" + +export async function hashPwd(pwd: string) { + return await sha256(`${pwd}-${hash_salt}`) +} diff --git a/src/utils/index.ts b/src/utils/index.ts index 193202531..b0b1324b4 100644 --- a/src/utils/index.ts +++ b/src/utils/index.ts @@ -9,3 +9,4 @@ export * from "./str" export * from "./handle_resp" export * from "./const" export * from "./api" +export * from "./hash"