feat: add salting to password

packages/better-auth/src/crypto/password.ts

@@ -1,11 +1,18 @@
 import * as argon2 from "argon2";
+import { generateRandomString } from "./random";
 
-export const hashPassword = async (password: string) => {
-	return argon2.hash(password, {
+export const hashPassword = async (password: string, secret: string) => {
+	const salt = generateRandomString(12);
+	const hash = await argon2.hash(password, {
 		type: argon2.argon2id,
+		salt,
+		secret,
 	});
+	return `${hash}$${salt}`;
 };
 
 export const validatePassword = async (password: string, hash: string) => {
-	return argon2.verify(hash, password);
+	const [hashPart, salt] = hash.split("$");
+	if (!hashPart || !salt) return false;
+	return argon2.verify(hashPart, password);
 };

packages/better-auth/src/providers/credential.ts

@@ -93,7 +93,7 @@ export const credential = <O extends CredentialOption>(options?: O) => {
 				{
 					user: {
 						...data,
-						["password"]: await hashPassword(data["password"]),
+						["password"]: await hashPassword(data["password"], context.secret),
 						emailVerified: false,
 					},
 					account: {