From 408f6035534549e645dd4029ba76f7c861e6f90f Mon Sep 17 00:00:00 2001
From: shashishsoni
Date: Tue, 22 Oct 2024 05:31:00 -0700
Subject: [PATCH] enchance the encrytion level and store the user data in database with good level of encrytion

---
 models/User.js | 2 +-
 package-lock.json | 70 ++++++++++++++++++++++++++++++++++++++
 package.json | 1 +
 pages/api/auth/login.js | 19 +++++------
 pages/api/auth/register.js | 14 ++++++--
 5 files changed, 91 insertions(+), 15 deletions(-)

diff --git a/models/User.js b/models/User.js
index 76d3f80..7ac9744 100644
--- a/models/User.js
+++ b/models/User.js
@@ -1,4 +1,4 @@
-import mongoose from 'mongoose';
+const mongoose = require("mongoose");
 
 const UserSchema = new mongoose.Schema({
 name: { type: String, required: true },
diff --git a/package-lock.json b/package-lock.json
index 7d99288..7d10e01 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
 "dependencies": {
 "@next/font": "13.2.3",
 "@reduxjs/toolkit": "^1.9.3",
+ "argon2": "^0.41.1",
 "bcryptjs": "^2.4.3",
 "crypto": "^1.0.1",
 "eslint": "8.35.0",
@@ -753,6 +754,15 @@
 "url": "https://github.com/sponsors/panva"
 }
 },
+ "node_modules/@phc/format": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/@phc/format/-/format-1.0.0.tgz",
+ "integrity": "sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==",
+ "license": "MIT",
+ "engines": {
+ "node": ">=10"
+ }
+ },
 "node_modules/@pkgr/utils": {
 "version": "2.3.1",
 "resolved": "https://registry.npmjs.org/@pkgr/utils/-/utils-2.3.1.tgz",
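Review bot: The switch from `import mongoose from 'mongoose';` to `const mongoose = require("mongoose");` makes models/User.js the only CommonJS file in this patch while login.js and register.js still load it with ESM `import User from '@/models/User'`; it works only because Next transpiles both forms, and it is unrelated to the commit's subject, so keep the ESM import unless there is a build reason that the commit message should state. Nothing else in the model changes, so the "store the user data ... with good level of encrytion" claim rests entirely on register.js hashing the password; the schema's `password` field and any `select: false` or `toJSON` transform are outside this hunk, so confirm the stored hash is not serialised into API responses. The schema definition continues past the end of the hunk.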
@@ -1378,6 +1388,21 @@ "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", "dev": true }, + "node_modules/argon2": { + "version": "0.41.1", + "resolved": "https://registry.npmjs.org/argon2/-/argon2-0.41.1.tgz", + "integrity": "sha512-dqCW8kJXke8Ik+McUcMDltrbuAWETPyU6iq+4AhxqKphWi7pChB/Zgd/Tp/o8xRLbg8ksMj46F/vph9wnxpTzQ==", + "hasInstallScript": true, + "license": "MIT", + "dependencies": { + "@phc/format": "^1.0.0", + "node-addon-api": "^8.1.0", + "node-gyp-build": "^4.8.1" + }, + "engines": { + "node": ">=16.17.0" + } + }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -4453,6 +4478,15 @@ "react": ">= 16.0.0" } }, + "node_modules/node-addon-api": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.2.1.tgz", + "integrity": "sha512-vmEOvxwiH8tlOcv4SyE8RH34rI5/nWVaigUeAUPawC6f0+HoDthwI0vkMu4tbtsZrXq6QXFfrkhjofzKEs5tpA==", + "license": "MIT", + "engines": { + "node": "^18 || ^20 || >= 21" + } + }, "node_modules/node-fetch": { "version": "1.7.3", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", @@ -4462,6 +4496,17 @@ "is-stream": "^1.0.1" } }, + "node_modules/node-gyp-build": { + "version": "4.8.2", + "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.2.tgz", + "integrity": "sha512-IRUxE4BVsHWXkV/SFOut4qTlagw2aM8T5/vnTsmrHJvVoKueJHRc/JaFND7QDDc61kLYUJ6qlZM3sqTSyx2dTw==", + "license": "MIT", + "bin": { + "node-gyp-build": "bin.js", + "node-gyp-build-optional": "optional.js", + "node-gyp-build-test": "build-test.js" + } + }, "node_modules/node-releases": { "version": "2.0.10", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz", 
@@ -7034,6 +7079,11 @@ "resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.0.4.tgz", "integrity": "sha512-003xWiCuvePbLaPHT+CRuaV4GlyCAVm6XYSbBZDHoWZGn1mNkVKFaDbGJjjxmEFvizUwlCoM6O18FCBMMky2zQ==" }, + "@phc/format": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@phc/format/-/format-1.0.0.tgz", + "integrity": "sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==" + }, "@pkgr/utils": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/@pkgr/utils/-/utils-2.3.1.tgz", @@ -7548,6 +7598,16 @@ "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", "dev": true }, + "argon2": { + "version": "0.41.1", + "resolved": "https://registry.npmjs.org/argon2/-/argon2-0.41.1.tgz", + "integrity": "sha512-dqCW8kJXke8Ik+McUcMDltrbuAWETPyU6iq+4AhxqKphWi7pChB/Zgd/Tp/o8xRLbg8ksMj46F/vph9wnxpTzQ==", + "requires": { + "@phc/format": "^1.0.0", + "node-addon-api": "^8.1.0", + "node-gyp-build": "^4.8.1" + } + }, "argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -9761,6 +9821,11 @@ "prop-types": "^15.8.1" } }, + "node-addon-api": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.2.1.tgz", + "integrity": "sha512-vmEOvxwiH8tlOcv4SyE8RH34rI5/nWVaigUeAUPawC6f0+HoDthwI0vkMu4tbtsZrXq6QXFfrkhjofzKEs5tpA==" + }, "node-fetch": { "version": "1.7.3", "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", @@ -9770,6 +9835,11 @@ "is-stream": "^1.0.1" } }, + "node-gyp-build": { + "version": "4.8.2", + "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.2.tgz", + "integrity": "sha512-IRUxE4BVsHWXkV/SFOut4qTlagw2aM8T5/vnTsmrHJvVoKueJHRc/JaFND7QDDc61kLYUJ6qlZM3sqTSyx2dTw==" + }, "node-releases": { "version": "2.0.10", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz", 
diff --git a/package.json b/package.json index ab43099..69a11c3 100644 --- a/package.json +++ b/package.json @@ -11,6 +11,7 @@ "dependencies": { "@next/font": "13.2.3", "@reduxjs/toolkit": "^1.9.3", + "argon2": "^0.41.1", "bcryptjs": "^2.4.3", "crypto": "^1.0.1", "eslint": "8.35.0", diff --git a/pages/api/auth/login.js b/pages/api/auth/login.js index 3506623..533b7b4 100644 --- a/pages/api/auth/login.js +++ b/pages/api/auth/login.js @@ -1,18 +1,14 @@ import ConnectDB from '@/DB/connectDB'; import User from '@/models/User'; import Joi from 'joi'; -import { compare } from 'bcryptjs'; +import argon2 from 'argon2'; // Import Argon2 for password hashing import jwt from 'jsonwebtoken'; - const schema = Joi.object({ email: Joi.string().email().required(), password: Joi.string().required(), }); - - - export default async (req, res) => { await ConnectDB(); 
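Review bot: Removing `import { compare } from 'bcryptjs';` takes away the only way to check the bcrypt hashes that existing accounts already hold, while the same patch keeps `"bcryptjs": "^2.4.3"` in package.json; either the import stays for a legacy-verification path in the hunk below, or the dependency should be dropped. The added comment `// Import Argon2 for password hashing` only restates the import line; in login.js argon2 is used to verify, not to hash, so a why-comment is more useful, e.g. `// argon2.verify reads algorithm, salt and cost parameters from the stored hash string, so no options are needed here`. The blank-line removals are harmless but unrelated to the subject. The handler `export default async (req, res) => {` begins in this hunk and continues past it.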
@@ -25,15 +21,16 @@ export default async (req, res) => { const checkUser = await User.findOne({ email }); if (!checkUser) return res.status(401).json({ success: false, message: "Account not Found" }); - const isMatch = await compare(password, checkUser.password); + // Use Argon2 to verify the password + const isMatch = await argon2.verify(checkUser.password, password); if (!isMatch) return res.status(401).json({ success: false, message: "Incorrect Password" }); - const token = jwt.sign({ id: checkUser._id, email: checkUser.email }, process.env.JWT_SECREAT, { expiresIn: '1d' }); - const finalData = {token , user : checkUser} - return res.status(200).json({ success: true, message: "Login Successfull", finalData}) + const token = jwt.sign({ id: checkUser._id, email: checkUser.email }, process.env.JWT_SECRET, { expiresIn: '1d' }); + const finalData = { token, user: checkUser }; + return res.status(200).json({ success: true, message: "Login Successful", finalData }); } catch (error) { - console.log('Error in register (server) => ', error); - return res.status(500).json({ success: false, message: "Something Went Wrong Please Retry Later !" }) + console.error('Error in login (server) => ', error); // Log the error + return res.status(500).json({ success: false, message: "Something Went Wrong Please Retry Later !" }); } } diff --git a/pages/api/auth/register.js b/pages/api/auth/register.js index 99091bf..963137d 100644 --- a/pages/api/auth/register.js +++ b/pages/api/auth/register.js @@ -1,7 +1,7 @@ import ConnectDB from '@/DB/connectDB'; import User from '@/models/User'; import Joi from 'joi'; -import { hash } from 'bcryptjs'; +import argon2 from 'argon2'; const schema = Joi.object({ 
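Review bot: `argon2.verify(checkUser.password, password)` is applied to whatever the database holds, but every account registered before this commit stores a bcrypt hash (the `hash(password, 12)` that register.js removes), which argon2 cannot verify — it either rejects or throws on the foreign format — so existing users land on "Incorrect Password" or the catch-all 500 with no migration path. Verify by hash prefix and upgrade legacy hashes on a successful login, keeping `compare` from bcryptjs imported (rewritten lines below; the hash options should come from the same constant register.js uses). The response `finalData = { token, user: checkUser }` still serialises the full Mongoose document, which includes the password hash unless the schema hides it — the visible part of models/User.js does not — so strip it before sending. The `JWT_SECREAT` → `JWT_SECRET` rename is also a deployment change: an environment still exporting the old name makes `jwt.sign` throw on an undefined secret and every login hits the same 500, so pair it with the env/CI update and a startup assertion that the variable is set.
```javascript
    // Accounts created before the Argon2 switch hold bcrypt hashes; verify those
    // with bcryptjs and upgrade them in place so the legacy path shrinks over time.
    let isMatch;
    if (checkUser.password.startsWith('$argon2')) {
        isMatch = await argon2.verify(checkUser.password, password);
    } else {
        isMatch = await compare(password, checkUser.password);
        if (isMatch) {
            // same parameters as register.js — keep both in one shared constant
            checkUser.password = await argon2.hash(password, { type: argon2.argon2id, memoryCost: 2 ** 16, timeCost: 5, parallelism: 1 });
            await checkUser.save();
        }
    }
    if (!isMatch) return res.status(401).json({ success: false, message: "Incorrect Password" });
    // … unchanged: jwt.sign …
    const { password: _passwordHash, ...safeUser } = checkUser.toObject();
    const finalData = { token, user: safeUser };
    return res.status(200).json({ success: true, message: "Login Successful", finalData });
```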
@@ -27,13 +27,21 @@ export default async (req, res) => { } else { - const hashedPassword = await hash(password, 12) + // Use Argon2 to hash the password + const hashedPassword = await argon2.hash(password, { + type: argon2.argon2id, + memoryCost: 2 ** 16, // 64MB + timeCost: 5, // iterations + parallelism: 1 // Number of threads (1 in this case) + }); + const createUser = await User.create({ email, name, password: hashedPassword }); return res.status(201).json({ success: true, message: "Account created successfully" }); } } catch (error) { console.log('Error in register (server) => ', error); - return res.status(500).json({ success: false, message: "Something Went Wrong Please Retry Later !" }) + return res.status(500).json({ success: false, message: "Something Went Wrong Please Retry Later !" }); } } +
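Review bot: The Argon2 cost parameters (`type`, `memoryCost`, `timeCost`, `parallelism`) are literals inside the request handler; lift them into one exported constant (for example `ARGON2_OPTIONS` in a small shared module) so a future parameter bump, and any rehash path in login.js, use the same values. `2 ** 16` KiB is 64 MiB per hash for five passes, so each in-flight registration holds that much memory; no rate limiting is visible in this hunk, and if none exists elsewhere a burst of registrations can exhaust server memory, so put a limiter in front of this route. The catch block keeps `console.log` while login.js moves to `console.error` in the same patch; change it the same way. The change hashes only the password — name and email are stored exactly as before — so the commit's "encrytion" wording overstates it; a comment above the hash call such as `// Argon2id with a random per-hash salt; the parameters are embedded in the stored PHC string` would describe what is actually persisted.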