pnpm@10.7, node@23, argon->@node-rs/argon2

.vscode/settings.json

@@ -9,8 +9,7 @@
     "[typescript]": {
         "editor.defaultFormatter": "vscode.typescript-language-features",
         "editor.codeActionsOnSave": {
-            "source.organizeImports": true,
+            "source.organizeImports": "explicit"
-            // "source.fixAll": true
         }
     },
     "javascript.preferences.quoteStyle": "single",

Dockerfile

@@ -1,10 +1,12 @@
 # Typescript Build
-FROM registry.odit.services/hub/library/node:21.1.0-alpine3.18 AS build
+FROM registry.odit.services/hub/library/node:23.10.0-alpine3.21 AS build
 ARG NPM_REGISTRY_URL=https://registry.npmjs.org
 WORKDIR /app
 
 COPY package.json ./
-RUN npm config set registry $NPM_REGISTRY_URL && npm i -g pnpm@8
+COPY pnpm-workspace.yaml ./
+COPY pnpm-lock.yaml ./
+RUN npm config set registry $NPM_REGISTRY_URL && npm i -g pnpm@10.7
 RUN mkdir /pnpm && pnpm config set store-dir /pnpm && pnpm i
 
 COPY tsconfig.json ormconfig.js ./
@@ -14,9 +16,11 @@ RUN pnpm run build \
     && pnpm i --production --prefer-offline
 
 # final image
-FROM registry.odit.services/hub/library/node:21.1.0-alpine3.18 AS final
+FROM registry.odit.services/hub/library/node:23.10.0-alpine3.21 AS final
 WORKDIR /app
 COPY --from=build /app/package.json /app/package.json
+COPY --from=build /app/pnpm-lock.yaml /app/pnpm-lock.yaml
+COPY --from=build /app/pnpm-workspace.yaml /app/pnpm-workspace.yaml
 COPY --from=build /app/ormconfig.js /app/ormconfig.js
 COPY --from=build /app/dist /app/dist
 COPY --from=build /app/node_modules /app/node_modules

docker-compose.yml

@@ -1,4 +1,3 @@
-version: "3"
 services:
   backend_server:
     build: .
@@ -14,7 +13,7 @@ services:
       DB_NAME: ./db.sqlite
       NODE_ENV: production
       POSTALCODE_COUNTRYCODE: DE
-      SEED_TEST_DATA: "false"
+      SEED_TEST_DATA: "true"
       MAILER_URL: https://dev.lauf-fuer-kaya.de/mailer
       MAILER_KEY: asdasd
       # APP_PORT: 4010

package.json

@@ -3,9 +3,6 @@
   "version": "1.3.0",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
-  "engines": {
-    "pnpm": "8"
-  },
   "author": {
     "name": "ODIT.Services",
     "email": "info@odit.services",
@@ -25,8 +22,8 @@
   ],
   "license": "CC-BY-NC-SA-4.0",
   "dependencies": {
+    "@node-rs/argon2": "^2.0.2",
     "@odit/class-validator-jsonschema": "2.1.1",
-    "argon2": "0.31.2",
     "axios": "0.21.1",
     "body-parser": "1.19.0",
     "check-password-strength": "2.0.2",
@@ -46,7 +43,7 @@
     "reflect-metadata": "0.1.13",
     "routing-controllers": "0.9.0-alpha.6",
     "routing-controllers-openapi": "2.2.0",
-    "sqlite3": "5.1.6",
+    "sqlite3": "5.1.7",
     "typeorm": "0.2.30",
     "typeorm-routing-controllers-extensions": "0.2.0",
     "typeorm-seeding": "1.6.1",

pnpm-workspace.yaml

@@ -0,0 +1,2 @@
+onlyBuiltDependencies:
+  - sqlite3

src/middlewares/ScanAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { ScanStation } from '../models/entities/ScanStation';
@@ -58,7 +58,7 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
         if (station.enabled == false) {
             res.status(401).send({ http_code: 401, short: "station_disabled", message: "Station is disabled." });
         }
-        if (!(await argon2.verify(station.key, provided_token))) {
+        if (!(await verify(station.key, provided_token))) {
             res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
             return;
         }

src/middlewares/StatsAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { StatsClient } from '../models/entities/StatsClient';
@@ -55,7 +55,7 @@ const StatsAuth = async (req: Request, res: Response, next: () => void) => {
         }
     }
     else {
-        if (!(await argon2.verify(client.key, provided_token))) {
+        if (!(await verify(client.key, provided_token))) {
             res.status(401).send("Api token invalid.");
             return;
         }

src/models/actions/ResetPassword.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
@@ -49,7 +49,7 @@ export class ResetPassword {
         if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
 
         found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
-        found_user.password = await argon2.hash(this.password + found_user.uuid);
+        found_user.password = await hash(this.password + found_user.uuid);
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         return "password reset successfull";

src/models/actions/create/CreateAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../../errors/AuthError';
@@ -56,7 +56,7 @@ export class CreateAuth {
             throw new UserNotFoundError();
         }
         if (found_user.enabled == false) { throw new UserDisabledError(); }
-        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+        if (!(await verify(found_user.password, this.password + found_user.uuid))) {
             throw new InvalidCredentialsError();
         }
 

src/models/actions/create/CreateScanStation.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsBoolean, IsInt, IsOptional, IsPositive, IsString } from 'class-validator';
 import crypto from 'crypto';
 import { getConnection } from 'typeorm';
@@ -44,7 +44,7 @@ export class CreateScanStation {
 
         let newUUID = uuid.v4().toUpperCase();
         newStation.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newStation.key = await argon2.hash(newStation.prefix + "." + newUUID);
+        newStation.key = await hash(newStation.prefix + "." + newUUID);
         newStation.cleartextkey = newStation.prefix + "." + newUUID;
 
         return newStation;

src/models/actions/create/CreateStatsClient.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsOptional, IsString } from 'class-validator';
 import crypto from 'crypto';
 import * as uuid from 'uuid';
@@ -25,7 +25,7 @@ export class CreateStatsClient {
 
         let newUUID = uuid.v4().toUpperCase();
         newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.key = await hash(newClient.prefix + "." + newUUID);
         newClient.cleartextkey = newClient.prefix + "." + newUUID;
 
         return newClient;

src/models/actions/create/CreateUser.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from "@node-rs/argon2";
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
@@ -110,7 +110,7 @@ export class CreateUser {
         newUser.lastname = this.lastname
         newUser.uuid = uuid.v4()
         newUser.phone = this.phone
-        newUser.password = await argon2.hash(this.password + newUser.uuid);
+        newUser.password = await hash(this.password + newUser.uuid);
         newUser.groups = await this.getGroups();
         newUser.enabled = this.enabled;
 

src/models/actions/update/UpdateUser.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
@@ -111,7 +111,7 @@ export class UpdateUser {
             if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
             if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
             if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
-            user.password = await argon2.hash(this.password + user.uuid);
+            user.password = await hash(this.password + user.uuid);
             user.refreshTokenCount = user.refreshTokenCount + 1;
         }
 

src/seeds/SeedUsers.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
 import * as uuid from 'uuid';
@@ -33,7 +33,7 @@ export default class SeedUsers implements Seeder {
         initialUser.lastname = "demo";
         initialUser.username = "demo";
         initialUser.uuid = uuid.v4();
-        initialUser.password = await argon2.hash("demo" + initialUser.uuid);
+        initialUser.password = await hash("demo" + initialUser.uuid);
         initialUser.email = "demo@dev.lauf-fuer-kaya.de"
         initialUser.groups = [group];
         return await connection.getRepository(User).save(initialUser);