Password encryption

2024-11-20 10:43:48 +01:00
parent e02f2d252e
commit d4fbda26d7
12 changed files with 289 additions and 43 deletions
--- a/backend/data/accounts.json
+++ b/backend/data/accounts.json
@@ -2,7 +2,6 @@
  "data": [
    {
      "username": "hagemeister93",
-      "password": "Xjt3qb5t",
      "email": "hagemeister93@gmail.com",
      "firstName": "Laurin",
      "lastName": "Hagemeister",
@@ -24,7 +23,6 @@
    },
    {
      "username": "katjaStoiber",
-      "password": "target123",
      "email": "k.stoiber@uni-hannover.de",
      "firstName": "Katja",
      "lastName": "Stoiber",
@@ -46,7 +44,6 @@
    },
    {
      "username": "oetkerohnek",
-      "password": "iloveyou",
      "email": "oetker30625@gmx.com",
      "firstName": "Luna",
      "lastName": "Oeter",
@@ -74,7 +71,6 @@
    },
    {
      "username": "duranduran",
-      "password": "H4nn0ver",
      "email": "dduran@hannover.de",
      "firstName": "Jürgen",
      "lastName": "Durand",
@@ -102,7 +98,6 @@
    },
    {
      "username": "guitarhero",
-      "password": "gwerty123",
      "email": "guitarheroFurti@gmail.com",
      "firstName": "Frederik",
      "lastName": "Furtwängler",
@@ -124,7 +119,6 @@
    },
    {
      "username": "herbstMareike",
-      "password": "qhsrbpgrs",
      "email": "m.herbst@uni-hannover.de",
      "firstName": "Mareike",
      "lastName": "Herbst",
@@ -146,7 +140,6 @@
    },
    {
      "username": "seibertmitb",
-      "password": "{jkz+WvQe",
      "email": "janna-seibert@yahoo.com",
      "firstName": "Janna",
      "lastName": "Seibert",
--- a/backend/models/user/account.model.ts
+++ b/backend/models/user/account.model.ts
@@ -1,9 +1,10 @@
-import { Table, Column, Model, HasMany, Unique, BelongsTo, ForeignKey } from 'sequelize-typescript';
+import { Table, Column, Model, HasMany, Unique, BelongsTo, ForeignKey, BeforeCreate, BeforeUpdate } from 'sequelize-typescript';
 import { Order } from '../ordering/order.model';
 import { Address } from './address.model';
 import { Payment } from './payment.model';
 import { AccountRole } from './accountRole.model';
 import { Rating } from '../acts/rating.model';
+import { encryptString } from '../../scripts/encryptScripts';

@Table({ timestamps: false })
 export class Account extends Model {
@@ -44,4 +45,12 @@ export class Account extends Model {

  @BelongsTo(() => AccountRole)
  accountRole: AccountRole
+
+
+  // Hooks
+
+  @BeforeCreate
+  static async encryptPassword(instance: Account) {
+    instance.dataValues.password = encryptString(instance.dataValues.password)
+  }
 }
--- a/backend/routes/account.routes.ts
+++ b/backend/routes/account.routes.ts
@@ -8,6 +8,7 @@ import { Exercise } from "../models/exercises/exercise.model";
 import { sequelize } from "../database";
 import jwt from "jsonwebtoken"
 import { verifyToken } from "../middlewares/auth.middleware";
+import { encryptString } from "../scripts/encryptScripts";

 export const account = Router()

@@ -22,12 +23,14 @@ account.get("/", (req: Request, res: Response) => {

 // Login user
 account.get("/login", async (req: Request, res: Response) => {
+  const encryptedPassword = encryptString(String(req.query.password))
+
  // Using raw SQL code for SQL injections!
  const [results, metadata] = 
    await sequelize.query(
      "SELECT * FROM Accounts " +
      "WHERE (username='" + req.query.username + 
-      "' AND password='" + req.query.password + "')"
+      "' AND password='" + encryptedPassword + "')"
    )

  if (results.length != 0) {
--- a/backend/scripts/databaseHelper.ts
+++ b/backend/scripts/databaseHelper.ts
@@ -204,7 +204,19 @@ export async function prepopulateDatabase() {

  AccountRole.bulkCreate(accountRoles.data)

+  let chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
  for (let account of accounts.data) {
+    // Create a random 12 char password
+    let password = ""
+
+    for (var i = 0; i <= 12; i++) {
+      var randomNumber = Math.floor(Math.random() * chars.length);
+      password += chars.substring(randomNumber, randomNumber +1);
+    }
+
+    account["password"] = password
+
    await Account.create(account)
      .then(async dataset => {
        for (let address of account.addresses) {
--- a/backend/scripts/encryptScripts.ts
+++ b/backend/scripts/encryptScripts.ts
@@ -0,0 +1,32 @@
+import { createCipheriv, randomBytes } from "crypto"
+
+
+export function encryptString(value: string): string {
+  // Defining algorithm
+    const algorithm = 'aes-256-cbc';
+
+    // Defining key
+    const key = Buffer.from(
+      [
+        0xa, 0xc, 0xc, 0x0, 0xf, 0xf, 0xa, 0x6,
+        0x4, 0xe, 0xc, 0x5, 0x0, 0xe, 0xa, 0xa,
+        0x1, 0x3, 0x7, 0xf, 0xf, 0x7, 0x8, 0x4,
+        0xd, 0xf, 0x3, 0x9, 0xc, 0x2, 0xc, 0xc
+      ]
+    )
+
+    // Defining iv
+    const iv = Buffer.from(
+      [
+        0xb, 0xd, 0x6, 0x6, 0xa, 0x5, 0xf, 0xa, 0x6, 0xb, 0xe, 0x4, 0x3, 0xa, 0x9, 0x2
+      ]
+    )
+
+    let cipher = createCipheriv(algorithm, Buffer.from(key), iv);
+
+    // let cipher = createCipheriv(algorithm, Buffer.from(ENCRYPTION_KEY, 'hex'), iv);
+    let encrypted = cipher.update(value)
+    encrypted = Buffer.concat([encrypted, cipher.final()])
+
+    return encrypted.toString("hex")
+}