refactor: Switch from official argon2 to Bun's implementation

2026-02-20 21:59:56 +01:00
parent c9b8614f53
commit a1e697acb2
9 changed files with 85 additions and 73 deletions
--- a/src/middlewares/StatsAuth.ts
+++ b/src/middlewares/StatsAuth.ts
@@ -1,4 +1,4 @@
-import { verify } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { StatsClient } from '../models/entities/StatsClient';
@@ -55,7 +55,7 @@ const StatsAuth = async (req: Request, res: Response, next: () => void) => {
        }
    }
    else {
-        if (!(await verify(client.key, provided_token))) {
+        if (!(await Bun.password.verify(provided_token, client.key))) {
            res.status(401).send("Api token invalid.");
            return;
        }
--- a/src/models/actions/ResetPassword.ts
+++ b/src/models/actions/ResetPassword.ts
@@ -1,4 +1,4 @@
-import { hash } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
@@ -49,7 +49,7 @@ export class ResetPassword {
        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }

        found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
-        found_user.password = await hash(this.password + found_user.uuid);
+        found_user.password = await Bun.password.hash(this.password + found_user.uuid);
        await getConnectionManager().get().getRepository(User).save(found_user);

        return "password reset successfull";
--- a/src/models/actions/create/CreateAuth.ts
+++ b/src/models/actions/create/CreateAuth.ts
@@ -1,4 +1,4 @@
-import { verify } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../../errors/AuthError';
@@ -56,7 +56,7 @@ export class CreateAuth {
            throw new UserNotFoundError();
        }
        if (found_user.enabled == false) { throw new UserDisabledError(); }
-        if (!(await verify(found_user.password, this.password + found_user.uuid))) {
+        if (!(await Bun.password.verify(this.password + found_user.uuid, found_user.password))) {
            throw new InvalidCredentialsError();
        }

--- a/src/models/actions/create/CreateStatsClient.ts
+++ b/src/models/actions/create/CreateStatsClient.ts
@@ -1,4 +1,4 @@
-import { hash } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { IsOptional, IsString } from 'class-validator';
 import crypto from 'crypto';
 import * as uuid from 'uuid';
@@ -25,7 +25,7 @@ export class CreateStatsClient {

        let newUUID = uuid.v4().toUpperCase();
        newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newClient.key = await hash(newClient.prefix + "." + newUUID);
+        newClient.key = await Bun.password.hash(newClient.prefix + "." + newUUID);
        newClient.cleartextkey = newClient.prefix + "." + newUUID;

        return newClient;
--- a/src/models/actions/create/CreateUser.ts
+++ b/src/models/actions/create/CreateUser.ts
@@ -1,4 +1,4 @@
-import { hash } from "@node-rs/argon2";
+import * as Bun from 'bun';
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
@@ -110,7 +110,7 @@ export class CreateUser {
        newUser.lastname = this.lastname
        newUser.uuid = uuid.v4()
        newUser.phone = this.phone
-        newUser.password = await hash(this.password + newUser.uuid);
+        newUser.password = Bun.password.hash(this.password + newUser.uuid);
        newUser.groups = await this.getGroups();
        newUser.enabled = this.enabled;

--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@@ -1,4 +1,4 @@
-import { hash } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
@@ -111,7 +111,7 @@ export class UpdateUser {
            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
-            user.password = await hash(this.password + user.uuid);
+            user.password = await Bun.password.hash(this.password + user.uuid);
            user.refreshTokenCount = user.refreshTokenCount + 1;
        }

--- a/src/seeds/SeedUsers.ts
+++ b/src/seeds/SeedUsers.ts
@@ -1,4 +1,4 @@
-import { hash } from '@node-rs/argon2';
+import * as Bun from 'bun';
 import { Connection } from 'typeorm';
 import { Factory, Seeder } from 'typeorm-seeding';
 import * as uuid from 'uuid';
@@ -33,7 +33,7 @@ export default class SeedUsers implements Seeder {
        initialUser.lastname = "demo";
        initialUser.username = "demo";
        initialUser.uuid = uuid.v4();
-        initialUser.password = await hash("demo" + initialUser.uuid);
+        initialUser.password = await Bun.password.hash("demo" + initialUser.uuid);
        initialUser.email = "demo@dev.lauf-fuer-kaya.de"
        initialUser.groups = [group];
        return await connection.getRepository(User).save(initialUser);