selfhosted
/
Reactive-Resume
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

perf(security): generate random salt rounds integer

This commit is contained in:
Amruth Pillai 2022-03-24 08:45:22 +01:00
parent 776d2f79a6
commit c95efee8ec
No known key found for this signature in database
GPG Key ID: E3C57DF9B80855AD
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/src/auth/auth.service.ts
View File

@ -3,6 +3,7 @@ import { ConfigService } from '@nestjs/config';
import { JwtService } from '@nestjs/jwt';
import { SchedulerRegistry } from '@nestjs/schedule';
import bcrypt from 'bcrypt';
import { randomInt } from 'crypto';
import { google } from 'googleapis';
import { PostgresErrorCode } from '@/database/errorCodes.enum';
@ -22,12 +23,8 @@ export class AuthService {
private jwtService: JwtService
) {}
private getRandomSaltRounds(min: number, max: number) {
return Math.floor(Math.random() * (max - min + 1) + min);
}
async register(registerDto: RegisterDto) {
const hashedPassword = await bcrypt.hash(registerDto.password, this.getRandomSaltRounds(10, 20));
const hashedPassword = await bcrypt.hash(registerDto.password, randomInt(8, 12));
try {
const createdUser = await this.usersService.create({
@ -78,7 +75,7 @@ export class AuthService {
async resetPassword(resetPasswordDto: ResetPasswordDto) {
const user = await this.usersService.findByResetToken(resetPasswordDto.resetToken);
const hashedPassword = await bcrypt.hash(resetPasswordDto.password, this.getRandomSaltRounds(10, 20));
const hashedPassword = await bcrypt.hash(resetPasswordDto.password, randomInt(8, 12));
await this.usersService.update(user.id, {
password: hashedPassword,