Admin role added, dev side has hot reload again, characters AND groups tied to accounts now.

2026-01-28 23:43:02 +00:00
parent 8e92c28272
commit 3cec7abee9
48 changed files with 6139 additions and 45 deletions
--- a/server/src/utils/blake2.ts
+++ b/server/src/utils/blake2.ts
@@ -0,0 +1,35 @@
+import blake2b from 'blakejs';
+
+const BACKEND_SECRET = process.env.BACKEND_SECRET || 'changeme_secret_key_for_production';
+
+/**
+ * Hash a token with Blake2b-256 (2 iterations).
+ * This must match the Spring/Rust implementation exactly:
+ * - Uses Blake2b-256 (32 bytes output)
+ * - 2 iterations of hashing
+ * - Combines token + secret + salt (group name)
+ * - Returns hex-encoded hash (64 characters)
+ */
+export function hashToken(token: string, salt: string): string {
+  // First iteration: hash(token + secret + salt)
+  const input1 = token + BACKEND_SECRET + salt;
+  const hash1 = blake2b.blake2b(input1, undefined, 32);
+
+  // Second iteration: hash(hash1)
+  const hash2 = blake2b.blake2b(hash1, undefined, 32);
+
+  // Return hex-encoded (lowercase)
+  return Buffer.from(hash2).toString('hex').toLowerCase();
+}
+
+/**
+ * Verify if a token matches the stored hash.
+ */
+export function verifyToken(token: string, salt: string, storedHash: string): boolean {
+  try {
+    const computedHash = hashToken(token, salt);
+    return computedHash === storedHash.toLowerCase();
+  } catch {
+    return false;
+  }
+}