Merge pull request #6 from neuralarchitects/bcrypt

TheArchitect2000 · web-flow · commit 1a544f7828c1 · 2025-08-28T05:24:17.000-07:00
1 - Moved the password hashing process from frontend to backend. 2- Fixed the user registration process by checking if the user already exist. fix: remove bcrypt from webapp, delegate password hashing to back-end #5
diff --git a/backend/src/modules/user/services/user/user.service.ts b/backend/src/modules/user/services/user/user.service.ts
@@ -1,4 +1,4 @@
-import { Inject, Injectable, forwardRef } from '@nestjs/common';
+import { Inject, Injectable, forwardRef, Logger } from '@nestjs/common';
 import { Types } from 'mongoose';
 import { ErrorTypeEnum } from 'src/modules/utility/enums/error-type.enum';
 import { OTPTypeEnum } from 'src/modules/utility/enums/otp-type.enum';
@@ -36,7 +36,7 @@ import {
 import { MailService } from 'src/modules/utility/services/mail.service';
 import { randomBytes } from 'crypto';
 
-const saltRounds = process.env.CRYPTION_SALT;
+const saltRounds = parseInt(process.env.CRYPTION_SALT) || 10;
 
 /**
  * User manipulation service.
@@ -249,14 +249,13 @@ export class UserService {
       }
     } catch (error) {}
 
-    this.otp = await this.otpService.findOTPByEmail(
+    const otp = await this.otpService.findOTPByEmail(
       body.email,
       OTPTypeEnum.REGISTRATION,
     );
-
     if (
-      this.otp.length == 0 ||
-      new Date(this.otp[this.otp.length - 1].expiryDate).getTime() <
+      otp.length == 0 ||
+      new Date(otp[otp.length - 1].expiryDate).getTime() <
         new Date().getTime()
     ) {
       /* const StorX = await storxController.createUserAndGenerateStorXKey(
@@ -1966,6 +1965,10 @@ export class UserService {
       roles.push(ordinaryUserRole);
     }
 
+    if (body.password) {
+      body.password = await bcrypt.hash(String(body.password), saltRounds);
+    }
+
     const newUser = {
       ...body,
       StorX: body.StorX || {},
diff --git a/backend/src/modules/utility/services/mail.service.ts b/backend/src/modules/utility/services/mail.service.ts
@@ -194,7 +194,8 @@ export class MailService {
       return false;
     } */
 
-    const userToken = await this.getTokenWithUserEmail(email);
+
+    // const userToken = await this.getTokenWithUserEmail(email);
 
     await this.mailerService
       .sendMail({
@@ -206,7 +207,7 @@ export class MailService {
           NodeName: process.env.NODE_NAME,
           NodeImageSrc: process.env.THEME_LOGO,
           url: url,
-          unsubscribeEmailUrl: `${this.validateTokenUrl}${userToken}`,
+          // unsubscribeEmailUrl: `${this.validateTokenUrl}${userToken}`,
         },
         attachments: [
           {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -0,0 +1,5 @@
+{
+  "devDependencies": {
+    "@types/bcrypt": "^6.0.0"
+  }
+}
diff --git a/web_app/Source_webapp/package-lock.json b/web_app/Source_webapp/package-lock.json
diff --git a/web_app/Source_webapp/package.json b/web_app/Source_webapp/package.json
@@ -35,7 +35,6 @@
         "@visx/pattern": "^3.0.0",
         "apexcharts": "^3.37.3",
         "axios": "^1.3.4",
-        "bcrypt": "^6.0.0",
         "blockly": "^10.4.3",
         "classnames": "^2.3.2",
         "d3-dsv": "^3.0.1",
diff --git a/web_app/Source_webapp/src/utils/hooks/useAuth.ts b/web_app/Source_webapp/src/utils/hooks/useAuth.ts
@@ -12,13 +12,11 @@ import { REDIRECT_URL_KEY } from '@/constants/app.constant'
 import { useNavigate } from 'react-router-dom'
 import useQuery from './useQuery'
 import type { SignInCredential, SignUpCredential } from '@/@types/auth'
-import * as bcrypt from 'bcrypt'
 
 type Status = 'success' | 'failed'
 
 function useAuth() {
     const dispatch = useAppDispatch()
-    const saltRounds = parseInt(process.env.CRYPTION_SALT || '10', 10)
     const navigate = useNavigate()
 
     const query = useQuery()
@@ -37,14 +35,6 @@ function useAuth() {
         try {
             let resp
 
-            const salt = bcrypt.genSaltSync(saltRounds)
-            const hashedNewPassword = bcrypt.hashSync(
-                String(values.password),
-                salt
-            )
-
-            values = { ...values, password: hashedNewPassword }
-
             if (values.tokenId || values.accessToken) {
                 try {
                     resp = await apiSignInGoogle(
@@ -98,14 +88,6 @@ function useAuth() {
 
     const signUp = async (values: SignUpCredential) => {
         try {
-            const salt = bcrypt.genSaltSync(saltRounds)
-            const hashedNewPassword = bcrypt.hashSync(
-                String(values.password),
-                salt
-            )
-
-            values = { ...values, password: hashedNewPassword }
-
             const resp = await apiSignUp(values)
             console.log(resp)
             if (resp.data) {

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +{
 +  "devDependencies": {
 +    "@types/bcrypt": "^6.0.0"
 +  }
 +}