-
-
Notifications
You must be signed in to change notification settings - Fork 505
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: switch to hash @node-rs/argon2 breaks sveltekit production builds #1567
Comments
Tried now other node versions eg. node 18 Any help would be greatly appreciated. |
Is it an issue with Lucia or Oslo? |
Not sure.. if you install: npm i -D @sveltejs/adapter-node switch hash algorithm to: npm run build I am getting same error |
Also running into this issue for what it's worth, but even running locally doesn't work on my end. Currently looking into a work around |
I ve made a mistake in my own project..., let me correct my comment: so at least I have a workaround for the moment. |
Ah so you're using the adapter-node. Is Oslo/Argon installed as a dev dependency? |
Argon is neither listed as dev nor "standard" dependency. |
I'm not really following here. Is it an issue with Oslo or napi-rs? Lucia doesn't have a dependency on the latter |
Its about these imports given in code example on the following page: |
[sveltekit] having same issue here is the errors that i'm receiving : the first : @node-rs/argon2-darwin-x64
the second : @node-rs/bcrypt-darwin-x64
|
@LargatSeif Try adding this to your
|
this worked thanks 🙏 |
Is this a bug or just something we need to add to the docs? |
Something funky must have happened with one of the Probably safe to call it "not a bug" unless @vhochstein is still having issues. |
I get a similar error when using it in Next.js. I'm sure this is related to node-rs/argon2 as I got a similar error when using the below code: import { hash } from "@node-rs/argon2";
...
const passwordHash = await hash(password, {
// recommended minimum parameters
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1
}); When I following the Next.js example with import { Argon2id } from "oslo/password";
...
// hasing pw
const hashedPassword = await new Argon2id().hash(password);
// verifying pw
const validPassword = await new Argon2id().verify(existingUser.password, password); btw, huge fan of your library! |
The "Unexpected character" issue seems to be an issue with bundlers not handling EDIT: I fixed it in SvelteKit by explicitly adding @node-rs/argon2 to "dependencies" of my SvelteKit app (even though it's the dependancy of a library package in my monorepo) and adding @node-rs/argon2 to |
Hi, I am getting this error, but for Next.JS:
NOTE: as per the documentation on lucia, I have already added
to my next.config.js file, but no luck |
OOOKK, Sooo... I discovered that the problem was that I was using So, since Solution: I installed @node-rs/argon2 directly on my next.js app, so it appears on its package.json. Then, the serverComponentsExternalPackages works correctly. If you are on a monorepo, make sure this package is installed directly, even if it is only being undirectly being used by next.js |
I still get this problem when using
|
@SolidTux |
thanks @dBianchii it worked for me! |
Is there any better solution? I keep bouncing between my app building and not building even though I have all these dependencies in regular dependencies.
|
what pure js library would you recommend to replace it? currently I'm using something like this (just copied it from SO) import { randomBytes, scryptSync } from 'crypto';
// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
function encryptPassword(password: string, salt: string) {
return scryptSync(password, salt, 32).toString('hex');
}
/**
* Hash password with random salt
* @return {string} password hash followed by salt
* XXXX till 64 XXXX till 32
*
*/
export function hash(password: string) {
// Any random string here (ideally should be at least 16 bytes)
const salt = randomBytes(16).toString('hex');
return encryptPassword(password, salt) + salt;
}
// fetch the user from your db and then use this function
/**
* Match password against the stored hash
*/
export function verify(hash: string, password: string) {
// extract salt from the hashed string
// our hex password length is 32*2 = 64
const salt = hash.slice(64);
const originalPassHash = hash.slice(0, 64);
const currentPassHash = encryptPassword(password, salt);
return originalPassHash === currentPassHash;
}
export function simpleHash(password: string) {
let hash = 0;
let char = 0;
if (password.length === 0) return hash.toString();
for (let index = 0; index < password.length; index++) {
char = password.charCodeAt(index);
hash = (hash << 5) - hash + char;
hash |= 0; // Convert to 32bit integer
}
return hash.toString();
}
export function simpleVerify(hash: string, password: string) {
return hash === simpleHash(password);
} |
Package
lucia
Describe the bug
Latest versions of Lucia are relying upon: import { hash } from "@node-rs/argon2";
That one is breaking npm run build for sveltekit projects.
Please see error below.
node: v20.11.1
/Users/volkerhochstein/projects/node/magic-pull/node_modules/@node-rs/argon2-android-arm-eabi/argon2.android-arm-eabi.node error during build: RollupError: Unexpected character '\u{7f}' at getRollupError (file:///Users/volkerhochstein/projects/node/magic-pull/node_modules/rollup/dist/es/shared/parseAst.js:380:41) at ParseError.initialise (file:///Users/volkerhochstein/projects/node/magic-pull/node_modules/rollup/dist/es/shared/node-entry.js:11172:28) at convertNode (file:///Users/volkerhochstein/projects/node/magic-pull/node_modules/rollup/dist/es/shared/node-entry.js:12914:1
Looks like there is already a corresponding ticket open in node-rs/argon2,
napi-rs/node-rs#816
If I use "old style" to create hash and verification eg:
return await new Argon2id().hash(password);
and remove import for node-rs/argon2 prod build npm task is working
building in dev mode is working without any issue for both hashing solutions
What do you suggest to do, currently I do not know how to work around this ?
Thanks a lot for your support
The text was updated successfully, but these errors were encountered: