1
0
Fork 0
forked from svrjs/svrjs

Lifted PBKDF2 restrictions on Bun 1.1.13 and later.

This commit is contained in:
Dorian Niemiec 2024-06-13 15:21:02 +02:00
parent 2c2ca100a4
commit c05b8f8d00
2 changed files with 3 additions and 3 deletions

4
svr.js
View file

@ -5079,9 +5079,9 @@ function start(init) {
if (configJSON.enableHTTP2 && !secure) serverconsole.locwarnmessage("HTTP/2 without HTTPS may not work in web browsers. Web browsers only support HTTP/2 with HTTPS!");
if (process.isBun) {
serverconsole.locwarnmessage("Bun support is experimental. Some features of SVR.JS, SVR.JS mods and SVR.JS server-side JavaScript may not work as expected.");
if (users.some(function (entry) {
if (process.isBun && !(process.versions.bun && !process.versions.bun.match(/^(?:0\.|1\.0\.|1\.1\.[0-9](?![0-9])|1\.1\.1[0-2](?![0-9]))/)) && users.some(function (entry) {
return entry.pbkdf2;
})) serverconsole.locwarnmessage("PBKDF2 password hashing function in Bun blocks the event loop, which may result in denial of service.");
})) serverconsole.locwarnmessage("PBKDF2 password hashing function in Bun versions older than v1.1.13 blocks the event loop, which may result in denial of service.");
}
if (cluster.isPrimary === undefined) serverconsole.locwarnmessage("You're running SVR.JS on single thread. Reliability may suffer, as the server is stopped after crash.");
if (crypto.__disabled__ !== undefined) serverconsole.locwarnmessage("Your Node.JS version doesn't have crypto support! The 'crypto' module is essential for providing cryptographic functionality in Node.JS. Without crypto support, certain security features may be unavailable, and some functionality may not work as expected. It's recommended to use a Node.JS version that includes crypto support to ensure the security and proper functioning of your server.");

View file

@ -338,7 +338,7 @@ function promptAlgorithms(callback, bypass, pbkdf2, scrypt) {
pbkdf2: "PBKDF2 (PBKDF2-HMAC-SHA512, 36250 iterations) - more secure and uses less memory, but slower",
scrypt: "scrypt (N=2^14, r=8, p=1) - faster and more secure, but uses more memory"
}
if (!crypto.pbkdf2 || process.isBun) delete algorithms.pbkdf2;
if (!crypto.pbkdf2 || (process.isBun && !(process.versions.bun && !process.versions.bun.match(/^(?:0\.|1\.0\.|1\.1\.[0-9](?![0-9])|1\.1\.1[0-2](?![0-9]))/)))) delete algorithms.pbkdf2;
var algorithmNames = Object.keys(algorithms);
if (algorithmNames.length < 2) callback(algorithmNames[0]);
console.log("Select password hashing algorithm. Available algorithms:");