From 2c089d7969bab72a82ecb2899630a13f3fb76ecd Mon Sep 17 00:00:00 2001
From: bekacru
Date: Mon, 20 May 2024 22:53:24 +0300
Subject: [PATCH] feat: add salting to password

---
packages/better-auth/src/crypto/password.ts | 13 ++++++++++---
packages/better-auth/src/providers/credential.ts | 2 +-
2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/packages/better-auth/src/crypto/password.ts b/packages/better-auth/src/crypto/password.ts
index f5c5bbcc7a..5011438150 100644
--- a/packages/better-auth/src/crypto/password.ts
+++ b/packages/better-auth/src/crypto/password.ts
@@ -1,11 +1,18 @@
import * as argon2 from "argon2";
+import { generateRandomString } from "./random";

-export const hashPassword = async (password: string) => {
- return argon2.hash(password, {
+export const hashPassword = async (password: string, secret: string) => {
+ const salt = generateRandomString(12);
+ const hash = await argon2.hash(password, {
type: argon2.argon2id,
+ salt,
+ secret,
});
+ return `${hash}$${salt}`;
};

export const validatePassword = async (password: string, hash: string) => {
- return argon2.verify(hash, password);
+ const [hashPart, salt] = hash.split("$");
+ if (!hashPart || !salt) return false;
+ return argon2.verify(hashPart, password);
};
diff --git a/packages/better-auth/src/providers/credential.ts b/packages/better-auth/src/providers/credential.ts
index fee6ef385d..2a0b18a37f 100644
--- a/packages/better-auth/src/providers/credential.ts
+++ b/packages/better-auth/src/providers/credential.ts
@@ -93,7 +93,7 @@ export const credential = (options?: O) => {
{
user: {
...data,
- ["password"]: await hashPassword(data["password"]),
+ ["password"]: await hashPassword(data["password"], context.secret),
emailVerified: false,
},
account: {
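Review bot: `validatePassword` can no longer succeed against anything `hashPassword` now produces: the `secret` used at hash time is never handed to `argon2.verify`, and `hash.split("$")` on a value that begins with argon2's own PHC encoding (`$argon2id$v=19$...`) yields an empty first element, so `hashPart` is `""` and the function returns `false` before verifying anything. The trailing `$${salt}` is also redundant, since the encoded string argon2 returns already carries the salt it used, and if `generateRandomString` returns a string rather than a `Buffer` the `salt`/`secret` options are likely the wrong type for the argon2 package (confirm against its option typings). I would drop the manual salt, let argon2 generate one, and thread the pepper through both functions; that gives `validatePassword` a third `secret` parameter, so its caller, which is outside this hunk, has to change as well.
```typescript
export const hashPassword = async (password: string, secret: string) => {
	// argon2.hash picks a random salt and stores it inside the encoded hash;
	// `secret` is the server-side pepper and must be supplied again on verify.
	return argon2.hash(password, {
		type: argon2.argon2id,
		secret: Buffer.from(secret),
	});
};

export const validatePassword = async (
	password: string,
	hash: string,
	secret: string,
) => {
	return argon2.verify(hash, password, { secret: Buffer.from(secret) });
};
```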
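Review bot: Passing `context.secret` as an argon2 pepper only works if the identical value reaches the verify path, and this commit changes only the sign-up call; the sign-in side that calls `validatePassword` is outside this hunk and, as far as the patch shows, still has no way to receive the secret. Whether `context` is in scope at this point of `credential` cannot be confirmed from the hunk either, since the enclosing function starts before line 93 and continues after it. A comment above the call would make the coupling explicit: `// pepper: must match the secret supplied to validatePassword at sign-in`.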