chore(root): migrate to biome

packages/common/server/crypto.ts

@@ -0,0 +1,61 @@
+import {
+  createHash as cryptoCreateHash,
+  randomBytes,
+  scrypt,
+  timingSafeEqual,
+} from 'node:crypto';
+
+export function generateSalt() {
+  return randomBytes(16).toString('hex');
+}
+
+/**
+ * Has a password or a secret with a password hashing algorithm (scrypt)
+ * @param {string} password
+ * @returns {string} The salt+hash
+ */
+export async function hashPassword(
+  password: string,
+  keyLength = 32,
+): Promise<string> {
+  return new Promise((resolve, reject) => {
+    // generate random 16 bytes long salt - recommended by NodeJS Docs
+    const salt = generateSalt();
+    scrypt(password, salt, keyLength, (err, derivedKey) => {
+      if (err) reject(err);
+      // derivedKey is of type Buffer
+      resolve(`${salt}.${derivedKey.toString('hex')}`);
+    });
+  });
+}
+
+/**
+ * Compare a plain text password with a salt+hash password
+ * @param {string} password The plain text password
+ * @param {string} hash The hash+salt to check against
+ * @returns {boolean}
+ */
+export async function verifyPassword(
+  password: string,
+  hash: string,
+  keyLength = 32,
+): Promise<boolean> {
+  return new Promise((resolve, reject) => {
+    const [salt, hashKey] = hash.split('.');
+    // we need to pass buffer values to timingSafeEqual
+    const hashKeyBuff = Buffer.from(hashKey!, 'hex');
+    scrypt(password, salt!, keyLength, (err, derivedKey) => {
+      if (err) {
+        reject(err);
+      }
+      // compare the new supplied password with the hashed password using timeSafeEqual
+      resolve(timingSafeEqual(hashKeyBuff, derivedKey));
+    });
+  });
+}
+
+export function createHash(data: string, len: number) {
+  return cryptoCreateHash('shake256', { outputLength: len })
+    .update(data)
+    .digest('hex');
+}