Lines 408-448javascript
408 const version = parts[1]; // e.g., "2a"
409 const costFromHash = parts[2]; // e.g., "10"
410 // The actual bcrypt encoded data is in parts[3] (53 chars: 22 salt + 31 hash)
411 const bcryptData = parts[3];
413 // Return as object to avoid base64 encoding/decoding issues
414 return { version, cost: parseInt(costFromHash, 10), costString: costFromHash, bcryptData };
418 * Verify a password against a bcrypt hash
419 * @param {string} password
420 * @param {Buffer} salt - Ignored for bcrypt
421 * @param {Object} hashObject - Object with version, costString and bcryptData from our storage
422 * @param {Object} params - { cost }
423 * @returns {Promise<boolean>}
425 async verify(password, salt, hashObject, params) {
426 // DEBUG: Log the inputs
427 console.log('DEBUG bcrypt.verify:');
428 console.log(' password:', typeof password === 'string' ? `'${password}'` : password);
MediumSecret Pattern
Package contains a possible secret pattern.
src/core/passwordHasher.jsView on unpkg · L428 429 console.log(' salt:', salt);
430 console.log(' hashObject:', hashObject);
431 console.log(' params:', params);
433 const version = hashObject.version || '2b';
434 const costString = hashObject.costString || String(params.cost || 12);
435 const bcryptData = hashObject.bcryptData;
437 // DEBUG: Log extracted values
438 console.log(' extracted version:', version);
439 console.log(' extracted costString:', costString);
440 console.log(' extracted bcryptData:', bcryptData);
442 // Reconstruct the bcrypt hash
443 const bcryptHash = `$${version}\$${costString}$${bcryptData}`;
444 console.log(' reconstructed bcryptHash:', bcryptHash);
446 const result = await this.bcryptjs.compare(password, bcryptHash);
447 console.log(' bcrypt.compare result:', result);