reset password flow

2026-03-02 00:36:38 +00:00 · 2024-12-22 16:59:30 -05:00
parent 9c37036a39
commit f224bfa4ee
22 changed files with 739 additions and 184 deletions
--- a/server/routers/newt/createNewt.ts
+++ b/server/routers/newt/createNewt.ts
@@ -11,6 +11,7 @@ import moment from "moment";
 import { generateSessionToken } from "@server/auth";
 import { createNewtSession } from "@server/auth/newt";
 import { fromError } from "zod-validation-error";
+import { hashPassword } from "@server/auth/password";

 export const createNewtBodySchema = z.object({});

@@ -54,13 +55,7 @@ export async function createNewt(
            );
        }

-        // generate a newtId and secret
-        const secretHash = await hash(secret, {
-            memoryCost: 19456,
-            timeCost: 2,
-            outputLen: 32,
-            parallelism: 1,
-        });
+        const secretHash = await hashPassword(secret);

        await db.insert(newts).values({
            newtId: newtId,
@@ -99,7 +94,7 @@ export async function createNewt(
            );
        } else {
            console.error(e);
-            
+
            return next(
                createHttpError(
                    HttpCode.INTERNAL_SERVER_ERROR,
--- a/server/routers/newt/getToken.ts
+++ b/server/routers/newt/getToken.ts
@@ -2,7 +2,7 @@ import { verify } from "@node-rs/argon2";
 import {
    createSession,
    generateSessionToken,
-    verifySession,
+    verifySession
 } from "@server/auth";
 import db from "@server/db";
 import { newts } from "@server/db/schema";
@@ -14,11 +14,12 @@ import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { createNewtSession, validateNewtSessionToken } from "@server/auth/newt";
+import { verifyPassword } from "@server/auth/password";

 export const newtGetTokenBodySchema = z.object({
    newtId: z.string(),
    secret: z.string(),
-    token: z.string().optional(),
+    token: z.string().optional()
 });

 export type NewtGetTokenBody = z.infer<typeof newtGetTokenBodySchema>;
@@ -43,16 +44,14 @@ export async function getToken(

    try {
        if (token) {
-            const { session, newt } = await validateNewtSessionToken(
-                token
-            );
+            const { session, newt } = await validateNewtSessionToken(token);
            if (session) {
                return response<null>(res, {
                    data: null,
                    success: true,
                    error: false,
                    message: "Token session already valid",
-                    status: HttpCode.OK,
+                    status: HttpCode.OK
                });
            }
        }
@@ -72,22 +71,13 @@ export async function getToken(

        const existingNewt = existingNewtRes[0];

-        const validSecret = await verify(
-            existingNewt.secretHash,
+        const validSecret = await verifyPassword(
            secret,
-            {
-                memoryCost: 19456,
-                timeCost: 2,
-                outputLen: 32,
-                parallelism: 1,
-            }
+            existingNewt.secretHash
        );
        if (!validSecret) {
            return next(
-                createHttpError(
-                    HttpCode.BAD_REQUEST,
-                    "Secret is incorrect"
-                )
+                createHttpError(HttpCode.BAD_REQUEST, "Secret is incorrect")
            );
        }

@@ -101,7 +91,7 @@ export async function getToken(
            success: true,
            error: false,
            message: "Token created successfully",
-            status: HttpCode.OK,
+            status: HttpCode.OK
        });
    } catch (e) {
        console.error(e);