no, I meant when it comes to security.. stck code..
are we using resen
Generated
+928
-5047
File diff suppressed because it is too large
+2
-1
@@ -13,7 +13,6 @@
},
"dependencies": {
"@hookform/resolvers": "^3.4.2",
"@next-auth/better-sqlite3-adapter": "^0.3.1",
"@radix-ui/react-accordion": "^1.2.0",
"@radix-ui/react-alert-dialog": "^1.1.1",
"@radix-ui/react-avatar": "^1.1.0",
@@ -36,6 +35,7 @@
"@radix-ui/react-toast": "^1.2.1",
"@radix-ui/react-tooltip": "^1.1.2",
"better-sqlite3": "^9.6.0",
"bcrypt": "^5.1.1",
"class-variance-authority": "^0.7.0",
"clsx": "^2.1.1",
"date-fns": "^3.6.0",
@@ -58,6 +58,7 @@
"zod": "^3.23.8"
},
"devDependencies": {
"@types/bcrypt": "^5.0.2",
"@types/better-sqlite3": "^7.6.10",
"@types/node": "^20.14.2",
"@types/nodemailer": "^6.4.14",
+27
-9
@@ -1,9 +1,10 @@
import Database from 'better-sqlite3';
import bcrypt from 'bcrypt';
const db = new Database('local.db');
function seed() {
async function seed() {
console.log('Seeding database with settings and email templates...');
// Create settings table if it doesn't exist
@@ -98,15 +99,32 @@ function seed() {
console.log('Default email template updated.');
}
// Hash password for default user
const userStmt = db.prepare('SELECT id, password FROM users WHERE email = ?');
const defaultUser = userStmt.get('admin@example.com') as { id: string, password?: string };
if (defaultUser && (!defaultUser.password || !defaultUser.password.startsWith('$2b$'))) {
console.log('Default user has plain text password. Hashing now...');
const hashedPassword = await bcrypt.hash('password', 10);
const updateUser = db.prepare('UPDATE users SET password = ? WHERE id = ?');
updateUser.run(hashedPassword, defaultUser.id);
console.log('Default user password has been hashed.');
}
console.log('Seeding complete.');
}
try {
seed();
} catch (e) {
console.error('Seeding failed:');
console.error(e);
process.exit(1);
} finally {
db.close();
async function runSeed() {
try {
await seed();
} catch (e) {
console.error('Seeding failed:');
console.error(e);
process.exit(1);
} finally {
db.close();
}
}
runSeed();
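Review bot: The migration branch at `const hashedPassword = await bcrypt.hash('password', 10);` hashes the literal `'password'` instead of the value already held in `defaultUser.password`, so whatever plaintext credential the default user had is silently replaced by the well-known default, which is not what the log line "Default user has plain text password. Hashing now..." announces. If the intent is to migrate in place the fix is `const hashedPassword = await bcrypt.hash(defaultUser.password, 10);`; if a reset is intended, the comment and log message should say so. The `startsWith('$2b$')` test also classifies a `$2a$` bcrypt hash (which `bcrypt.compare` still accepts) as plaintext and would hash it a second time, locking that account out; `/^\$2[ab]\$/.test(defaultUser.password)` covers both prefixes this library emits or verifies. Seeding a well-known default credential is worth replacing with a value read from an environment variable or a generated one printed once, and the enclosing `seed()` starts before this hunk.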
+3
-4
@@ -5,6 +5,7 @@ import { z } from 'zod';
import { getUserByEmail } from '@/lib/actions/user';
import getDb from './lib/db';
import { BetterSqlite3Adapter } from '@next-auth/better-sqlite3-adapter';
import bcrypt from 'bcrypt';
const db = getDb();
@@ -28,9 +29,7 @@ export const authOptions: NextAuthOptions = {
const user = await getUserByEmail(email);
if (!user || !user.password) return null;
// This is a temporary solution for the demo.
// In a real application, you should hash and compare passwords securely.
const passwordsMatch = password === user.password;
const passwordsMatch = await bcrypt.compare(password, user.password);
if (passwordsMatch) {
return { id: user.id, name: user.name, email: user.email };
@@ -64,4 +63,4 @@ export const authOptions: NextAuthOptions = {
}
};
export const { handlers, auth, signIn, signOut } = NextAuth(authOptions);
export const { handlers, auth, signIn, signOut } = NextAuth(authOptions);
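Review bot: The early `if (!user || !user.password) return null;` just above the new `bcrypt.compare` call means an unknown email returns without any bcrypt work while a wrong password pays the full cost-10 verification, so the two failure paths are distinguishable by response time and can be used to confirm which emails exist. The usual mitigation is to run `await bcrypt.compare(password, DUMMY_HASH)` against a fixed, pre-computed hash when no user is found and still return `null`, so both paths cost the same. Separately, only the seed script migrates `admin@example.com`; any other `users` rows still holding plaintext will now fail `bcrypt.compare` instead of logging in, so a one-off migration or forced reset for those rows belongs with this change. The enclosing credentials callback starts and ends outside the hunk.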
@@ -5,6 +5,7 @@ import { z } from 'zod';
import getDb from '@/lib/db';
import { revalidatePath } from 'next/cache';
import { auth } from '@/auth';
import bcrypt from 'bcrypt';
const formSchema = z.object({
name: z.string().min(1, 'Name is required'),
@@ -78,10 +79,10 @@ export async function updateUser(data: UserFormValues): Promise<{ success: boole
}
if (password && password.length > 0) {
// If a new password is provided, update it along with name and email
// If a new password is provided, hash it and update it along with name and email
const hashedPassword = await bcrypt.hash(password, 10);
const stmt = db.prepare('UPDATE users SET name = ?, email = ?, password = ? WHERE id = ?');
// In a real app, hash the password! For this example, we store it as plain text.
stmt.run(name, email, password, userId);
stmt.run(name, email, hashedPassword, userId);
} else {
// If no new password, only update name and email
const stmt = db.prepare('UPDATE users SET name = ?, email = ? WHERE id = ?');
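Review bot: The cost factor `10` in `const hashedPassword = await bcrypt.hash(password, 10);` is repeated verbatim in the seed script's `bcrypt.hash('password', 10)`, so raising the work factor later means hunting down every call; a single `export const BCRYPT_COST = 10;` in a shared lib module, referenced from both sites, keeps them in step. Minor: `if (password && password.length > 0)` is the same test as `if (password)` for a string, since the empty string is already falsy. The new code hashes but does not visibly enforce a minimum length; if `formSchema` above does not already constrain `password`, a `z.string().min(...)` rule there is the natural place rather than this branch. `updateUser` starts and ends outside this hunk.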