attempting to fix legacy user accounts with less than 20 characters.

This commit is contained in:
2026-05-22 15:34:23 +02:00
parent 6c6764202e
commit df312009b8
5 changed files with 28 additions and 8 deletions

View File

@@ -183,10 +183,30 @@ export default new class {
return "$f0ck$" + salt + ":" + derivedKey.toString("hex");
};
async verify(str, hash) {
const [salt, key] = hash.substring(6).split(":");
const keyBuffer = Buffer.from(key, "hex");
const derivedKey = await scrypt(str, salt, 64);
return crypto.timingSafeEqual(keyBuffer, derivedKey);
if (typeof hash !== 'string') return false;
if (hash.startsWith("$f0ck$")) {
const parts = hash.substring(6).split(":");
if (parts.length !== 2) return false;
const [salt, key] = parts;
try {
const keyBuffer = Buffer.from(key, "hex");
const derivedKey = await scrypt(str, salt, 64);
return crypto.timingSafeEqual(keyBuffer, derivedKey);
} catch (e) {
return false;
}
}
if (hash.length === 32) {
return this.md5(str) === hash;
}
if (hash.length === 64) {
return this.sha256(str) === hash;
}
return false;
};
async getTags(itemid) {
const tags = await db`