feat: add minLength to pw strategy, and enforce
@@ -13,6 +13,7 @@ import {
|
||||
InvalidSchemaError,
|
||||
transformObject,
|
||||
mcpTool,
|
||||
$console,
|
||||
} from "bknd/utils";
|
||||
import type { PasswordStrategy } from "auth/authenticate/strategies";
|
||||
|
||||
@@ -210,7 +211,7 @@ export class AuthController extends Controller {
|
||||
const idType = s.anyOf([s.number({ title: "Integer" }), s.string({ title: "UUID" })]);
|
||||
|
||||
const getUser = async (params: { id?: string | number; email?: string }) => {
|
||||
let user: DB["users"] | undefined = undefined;
|
||||
let user: DB["users"] | undefined;
|
||||
if (params.id) {
|
||||
const { data } = await this.userRepo.findId(params.id);
|
||||
user = data;
|
||||
@@ -225,26 +226,33 @@ export class AuthController extends Controller {
|
||||
};
|
||||
|
||||
const roles = Object.keys(this.auth.config.roles ?? {});
|
||||
mcp.tool(
|
||||
"auth_user_create",
|
||||
{
|
||||
description: "Create a new user",
|
||||
inputSchema: s.object({
|
||||
email: s.string({ format: "email" }),
|
||||
password: s.string({ minLength: 8 }),
|
||||
role: s
|
||||
.string({
|
||||
enum: roles.length > 0 ? roles : undefined,
|
||||
})
|
||||
.optional(),
|
||||
}),
|
||||
},
|
||||
async (params, c) => {
|
||||
await c.context.ctx().helper.granted(c, AuthPermissions.createUser);
|
||||
try {
|
||||
const actions = this.auth.authenticator.strategy("password").getActions();
|
||||
if (actions.create) {
|
||||
const schema = actions.create.schema;
|
||||
mcp.tool(
|
||||
"auth_user_create",
|
||||
{
|
||||
description: "Create a new user",
|
||||
inputSchema: s.object({
|
||||
...schema.properties,
|
||||
role: s
|
||||
.string({
|
||||
enum: roles.length > 0 ? roles : undefined,
|
||||
})
|
||||
.optional(),
|
||||
}),
|
||||
},
|
||||
async (params, c) => {
|
||||
await c.context.ctx().helper.granted(c, AuthPermissions.createUser);
|
||||
|
||||
return c.json(await this.auth.createUser(params));
|
||||
},
|
||||
);
|
||||
return c.json(await this.auth.createUser(params));
|
||||
},
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
$console.warn("error creating auth_user_create tool", e);
|
||||
}
|
||||
|
||||
mcp.tool(
|
||||
"auth_user_token",
|
||||
|
||||
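Review bot: The `try`/`catch` wrapped around the `auth_user_create` registration catches every error and only calls `$console.warn(...)`, so an unexpected failure in `getActions()` or in building the schema is indistinguishable from the password strategy simply not being enabled, and the tool silently goes missing. A short comment naming the expected case, for example `// password strategy may be absent; skip registering the tool`, would make the intent clear. Because `inputSchema` is now built from `...schema.properties` and `params` is passed unchanged to `this.auth.createUser(params)`, the password length rule at this entry point is only as strong as the strategy's create schema; whether `createUser` validates again is not visible here and is worth confirming. The enclosing method begins and ends outside the hunk.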
@@ -10,6 +10,7 @@ const schema = s
|
||||
.object({
|
||||
hashing: s.string({ enum: ["plain", "sha256", "bcrypt"], default: "sha256" }),
|
||||
rounds: s.number({ minimum: 1, maximum: 10 }).optional(),
|
||||
minLength: s.number({ default: 8, minimum: 1 }).optional(),
|
||||
})
|
||||
.strict();
|
||||
|
||||
@@ -37,7 +38,7 @@ export class PasswordStrategy extends AuthStrategy<typeof schema> {
|
||||
format: "email",
|
||||
}),
|
||||
password: s.string({
|
||||
minLength: 8, // @todo: this should be configurable
|
||||
minLength: this.config.minLength,
|
||||
}),
|
||||
});
|
||||
}
|
||||
@@ -65,12 +66,21 @@ export class PasswordStrategy extends AuthStrategy<typeof schema> {
|
||||
return await bcryptCompare(compare, actual);
|
||||
}
|
||||
|
||||
return false;
|
||||
return actual === compare;
|
||||
}
|
||||
|
||||
verify(password: string) {
|
||||
return async (user: User) => {
|
||||
const compare = await this.compare(user?.strategy_value!, password);
|
||||
if (!user || !user.strategy_value) {
|
||||
throw new InvalidCredentialsException();
|
||||
}
|
||||
|
||||
if (!this.getPayloadSchema().properties.password.validate(password).valid) {
|
||||
$console.debug("PasswordStrategy: Invalid password", password);
|
||||
throw new InvalidCredentialsException();
|
||||
}
|
||||
|
||||
const compare = await this.compare(user.strategy_value, password);
|
||||
if (compare !== true) {
|
||||
throw new InvalidCredentialsException();
|
||||
}
|
||||
|
||||
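Review bot: The `$console.debug("PasswordStrategy: Invalid password", password);` call in `verify` writes the submitted plaintext password to the log whenever it fails schema validation, so a mistyped or truncated real password ends up in debug output; drop the value, e.g. `$console.debug("PasswordStrategy: password failed schema validation");`. In the config schema, `minLength: s.number({ default: 8, minimum: 1 }).optional()` permits a one-character minimum, and if the default is not materialised when the key is omitted, `this.config.minLength` would be `undefined` and the password schema would enforce no length at all; that is not visible here and should be confirmed. Since the length check now also runs on the login path, raising `minLength` later would reject existing users with shorter passwords, which deserves a comment next to the check. The bodies of `compare` and `verify` start or end outside the hunk.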