groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-02-28 21:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Merge f35f218c0f into 1d0b7e383a

Browse source
This commit is contained in:
AndrolGenhald 2026-02-25 17:38:58 -06:00 committed by GitHub
commit d34e79e209
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
server/auth/LocalAuthStrategy.js
View file

@ -2,6 +2,7 @@ const passport = require('passport')
const LocalStrategy = require('../libs/passportLocal') const LocalStrategy = require('../libs/passportLocal')
const Database = require('../Database') const Database = require('../Database')
const Logger = require('../Logger') const Logger = require('../Logger')
const { toNumber } = require('../utils/index')
const bcrypt = require('../libs/bcryptjs') const bcrypt = require('../libs/bcryptjs')
const requestIp = require('../libs/requestIp') const requestIp = require('../libs/requestIp')
@ -87,6 +88,20 @@ class LocalAuthStrategy {
// approve login // approve login
Logger.info(`[LocalAuth] User "${user.username}" logged in from ip ${requestIp.getClientIp(req)}`) Logger.info(`[LocalAuth] User "${user.username}" logged in from ip ${requestIp.getClientIp(req)}`)
const BCRYPT_COST = Math.max(Math.trunc(toNumber(process.env.BCRYPT_COST, 12)), 8);
const oldRounds = bcrypt.getRounds(user.pash);
// Update even if current hash is stronger, otherwise users with extra-light hardware (raspberry-pi or similar)
// will have unexpectedly slow logins even after lowering the BCRYPT_COST env var.
if (oldRounds != BCRYPT_COST) {
Logger.info(`[LocalAuth] Updating bcrypt cost for user "${user.username}" from ${oldRounds} to ${BCRYPT_COST}`)
const pash = await this.hashPassword(password)
if (!pash) {
Logger.error(`[LocalAuth] Failed to update bcrypt cost for user "${user.username}"`)
done(null, null)
}
await user.update({ pash })
}
done(null, user) done(null, user)
return return
} }
@ -114,7 +129,8 @@ class LocalAuthStrategy {
*/ */
hashPassword(password) { hashPassword(password) {
return new Promise((resolve) => { return new Promise((resolve) => {
bcrypt.hash(password, 8, (err, hash) => { const BCRYPT_COST = Math.max(Math.trunc(toNumber(process.env.BCRYPT_COST, 12)), 8);
bcrypt.hash(password, BCRYPT_COST, (err, hash) => {
if (err) { if (err) {
resolve(null) resolve(null)
} else { } else {