fix: remove bcrypt from webapp, delegate password hashing to back-end

Mo-Kasaei · Mo-Kasaei · commit 83373d9ebf09 · 2025-08-23T16:47:57.000Z
diff --git a/backend/src/modules/user/services/user/user.service.ts b/backend/src/modules/user/services/user/user.service.ts
@@ -1966,6 +1966,11 @@ export class UserService {
       roles.push(ordinaryUserRole);
     }
 
+    if (body.password){
+      const salt = bcrypt.genSaltSync(saltRounds);
+      body.password = bcrypt.hashSync(String(body.password), salt);
+    }
+
     const newUser = {
       ...body,
       StorX: body.StorX || {},
diff --git a/web_app/Source_webapp/package-lock.json b/web_app/Source_webapp/package-lock.json
diff --git a/web_app/Source_webapp/package.json b/web_app/Source_webapp/package.json
@@ -35,7 +35,6 @@
         "@visx/pattern": "^3.0.0",
         "apexcharts": "^3.37.3",
         "axios": "^1.3.4",
-        "bcrypt": "^6.0.0",
         "blockly": "^10.4.3",
         "classnames": "^2.3.2",
         "d3-dsv": "^3.0.1",
diff --git a/web_app/Source_webapp/src/utils/hooks/useAuth.ts b/web_app/Source_webapp/src/utils/hooks/useAuth.ts
@@ -12,13 +12,11 @@ import { REDIRECT_URL_KEY } from '@/constants/app.constant'
 import { useNavigate } from 'react-router-dom'
 import useQuery from './useQuery'
 import type { SignInCredential, SignUpCredential } from '@/@types/auth'
-import * as bcrypt from 'bcrypt'
 
 type Status = 'success' | 'failed'
 
 function useAuth() {
     const dispatch = useAppDispatch()
-    const saltRounds = parseInt(process.env.CRYPTION_SALT || '10', 10)
     const navigate = useNavigate()
 
     const query = useQuery()
@@ -37,14 +35,6 @@ function useAuth() {
         try {
             let resp
 
-            const salt = bcrypt.genSaltSync(saltRounds)
-            const hashedNewPassword = bcrypt.hashSync(
-                String(values.password),
-                salt
-            )
-
-            values = { ...values, password: hashedNewPassword }
-
             if (values.tokenId || values.accessToken) {
                 try {
                     resp = await apiSignInGoogle(
@@ -98,14 +88,6 @@ function useAuth() {
 
     const signUp = async (values: SignUpCredential) => {
         try {
-            const salt = bcrypt.genSaltSync(saltRounds)
-            const hashedNewPassword = bcrypt.hashSync(
-                String(values.password),
-                salt
-            )
-
-            values = { ...values, password: hashedNewPassword }
-
             const resp = await apiSignUp(values)
             console.log(resp)
             if (resp.data) {
