Encrypted username in user_auth

Josh 2025-10-30 13:08:17 +00:00
parent c3a2d5e616
commit a53c02cc66


@ -43,6 +43,15 @@ if (!CORS_ALLOWED_ORIGINS) {
process.exit(1); process.exit(1);
} }
// Username lookup helper (HMAC-SHA256 hash for encrypted username querying)
function usernameLookup(username) {
const USERNAME_INDEX_KEY = process.env.USERNAME_INDEX_SECRET || JWT_SECRET;
return crypto
.createHmac('sha256', USERNAME_INDEX_KEY)
.update(String(username).trim().toLowerCase())
.digest('hex');
}
// SendGrid configuration (match server2.js exactly) // SendGrid configuration (match server2.js exactly)
const SENDGRID_KEY = (process.env.SUPPORT_SENDGRID_API_KEY || '') const SENDGRID_KEY = (process.env.SUPPORT_SENDGRID_API_KEY || '')
.trim() .trim()
@ -817,12 +826,15 @@ app.post('/api/admin/auth/login', adminLoginLimiter, async (req, res) => {
} }
try { try {
// Use username_lookup hash for querying (username is encrypted)
const usernameLookupVal = usernameLookup(username);
const [authResults] = await pool.execute(` const [authResults] = await pool.execute(`
SELECT ua.user_id, ua.hashed_password SELECT ua.user_id, ua.hashed_password
FROM user_auth ua FROM user_auth ua
WHERE ua.username = ? WHERE ua.username_lookup = ?
LIMIT 1 LIMIT 1
`, [username]); `, [usernameLookupVal]);
if (!authResults || authResults.length === 0) { if (!authResults || authResults.length === 0) {
return res.status(401).json({ error: 'Invalid credentials' }); return res.status(401).json({ error: 'Invalid credentials' });
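Review bot: In `usernameLookup` (first hunk), the `|| JWT_SECRET` fallback means a deployment that forgets `USERNAME_INDEX_SECRET` silently keys the username index with the JWT signing secret. That couples two unrelated purposes to one secret: rotating `JWT_SECRET` would change every computed lookup value, so the `WHERE ua.username_lookup = ?` query in the login handler would stop matching existing rows. I would drop the fallback and fail at startup, as the file already does for `CORS_ALLOWED_ORIGINS`: `const USERNAME_INDEX_KEY = process.env.USERNAME_INDEX_SECRET;` at module scope followed by `if (!USERNAME_INDEX_KEY) { console.error('USERNAME_INDEX_SECRET is required'); process.exit(1); }`. The `trim().toLowerCase()` normalisation also has to match whatever wrote `username_lookup` on registration or migration, which is not visible here; a one-line comment on the helper saying so would help. The login handler's body continues outside the second hunk.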