Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4ca93aa

Browse files
jeremyphilemonjeremyphilemon
authored
fix: mask differences in auth duration (#946)
1 parent 6e16f3b commit 4ca93aa

File tree

4 files changed

+40
-14
lines changed

4 files changed

+40
-14
lines changed

app/(auth)/auth.ts

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import Credentials from 'next-auth/providers/credentials';
55
import { getUser } from '@/lib/db/queries';
66

77
import { authConfig } from './auth.config';
8+
import { DUMMY_PASSWORD } from '@/lib/constants';
89

910
interface ExtendedSession extends Session {
1011
user: User;
@@ -22,11 +23,24 @@ export const {
2223
credentials: {},
2324
async authorize({ email, password }: any) {
2425
const users = await getUser(email);
25-
if (users.length === 0) return null;
26-
// biome-ignore lint: Forbidden non-null assertion.
27-
const passwordsMatch = await compare(password, users[0].password!);
26+
27+
if (users.length === 0) {
28+
await compare(password, DUMMY_PASSWORD);
29+
return null;
30+
}
31+
32+
const [user] = users;
33+
34+
if (!user.password) {
35+
await compare(password, DUMMY_PASSWORD);
36+
return null;
37+
}
38+
39+
const passwordsMatch = await compare(password, user.password);
40+
2841
if (!passwordsMatch) return null;
29-
return users[0] as any;
42+
43+
return user as any;
3044
},
3145
}),
3246
],

lib/constants.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,11 @@
1+
import { generateDummyPassword } from './utils';
2+
13
export const isProductionEnvironment = process.env.NODE_ENV === 'production';
24

35
export const isTestEnvironment = Boolean(
46
process.env.PLAYWRIGHT_TEST_BASE_URL ||
57
process.env.PLAYWRIGHT ||
68
process.env.CI_PLAYWRIGHT,
79
);
10+
11+
export const DUMMY_PASSWORD = generateDummyPassword();

lib/utils.ts

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,15 @@
1-
import type {
2-
CoreAssistantMessage,
3-
CoreToolMessage,
4-
Message,
5-
TextStreamPart,
6-
ToolInvocation,
7-
ToolSet,
8-
UIMessage,
1+
import {
2+
generateId,
3+
type CoreAssistantMessage,
4+
type CoreToolMessage,
5+
type Message,
6+
type UIMessage,
97
} from 'ai';
108
import { type ClassValue, clsx } from 'clsx';
119
import { twMerge } from 'tailwind-merge';
1210

13-
import type { DBMessage, Document } from '@/lib/db/schema';
11+
import type { Document } from '@/lib/db/schema';
12+
import { genSaltSync, hashSync } from 'bcrypt-ts';
1413

1514
export function cn(...inputs: ClassValue[]) {
1615
return twMerge(clsx(inputs));
@@ -163,3 +162,12 @@ export function getTrailingMessageId({
163162

164163
return trailingMessage.id;
165164
}
165+
166+
export function generateDummyPassword() {
167+
const password = generateId(12);
168+
169+
const salt = genSaltSync(10);
170+
const hash = hashSync(password, salt);
171+
172+
return hash;
173+
}

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "ai-chatbot",
3-
"version": "3.0.3",
3+
"version": "3.0.4",
44
"private": true,
55
"scripts": {
66
"dev": "next dev --turbo",

0 commit comments

Comments
 (0)