jarvis/dd0c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add maxmem to scrypt params (128MB)
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 38s
Details
CI — P2 Drift (Go + Node) / saas (push) Successful in 25s
Details
CI — P3 Alert / test (push) Successful in 25s
Details
CI — P4 Portal / test (push) Successful in 32s
Details
CI — P5 Cost / test (push) Successful in 35s
Details
CI — P6 Run / saas (push) Successful in 32s
Details
CI — P2 Drift (Go + Node) / build-push (push) Failing after 16s
Details
CI — P3 Alert / build-push (push) Failing after 15s
Details
CI — P4 Portal / build-push (push) Failing after 40s
Details
CI — P5 Cost / build-push (push) Failing after 41s
Details
CI — P6 Run / build-push (push) Failing after 42s
Details

Browse Source 
Node's OpenSSL defaults to 32MB scrypt memory limit but N=65536/r=8/p=1
needs ~64MB. Adds maxmem: 128*1024*1024 to all 5 services' hash and
verify functions.
This commit is contained in:
Protocol dd0c Agent
2026-03-03 05:11:37 +00:00
parent e16f322869
commit 1d068c3f75
5 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
products/02-iac-drift-detection/saas/src/auth/middleware.ts
View File

@@ -96,7 +96,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
async function hashPassword(password: string): Promise<string> { async function hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(16).toString('hex'); const salt = crypto.randomBytes(16).toString('hex');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(`${salt}:${derived.toString('hex')}`); resolve(`${salt}:${derived.toString('hex')}`);
}); });
@@ -106,7 +106,7 @@ async function hashPassword(password: string): Promise<string> {
async function verifyPassword(password: string, hash: string): Promise<boolean> { async function verifyPassword(password: string, hash: string): Promise<boolean> {
const [salt, key] = hash.split(':'); const [salt, key] = hash.split(':');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived)); resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
}); });

4
products/03-alert-intelligence/src/auth/middleware.ts
View File

@@ -96,7 +96,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
async function hashPassword(password: string): Promise<string> { async function hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(16).toString('hex'); const salt = crypto.randomBytes(16).toString('hex');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(`${salt}:${derived.toString('hex')}`); resolve(`${salt}:${derived.toString('hex')}`);
}); });
@@ -106,7 +106,7 @@ async function hashPassword(password: string): Promise<string> {
async function verifyPassword(password: string, hash: string): Promise<boolean> { async function verifyPassword(password: string, hash: string): Promise<boolean> {
const [salt, key] = hash.split(':'); const [salt, key] = hash.split(':');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived)); resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
}); });

4
products/04-lightweight-idp/src/auth/middleware.ts
View File

@@ -96,7 +96,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
async function hashPassword(password: string): Promise<string> { async function hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(16).toString('hex'); const salt = crypto.randomBytes(16).toString('hex');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(`${salt}:${derived.toString('hex')}`); resolve(`${salt}:${derived.toString('hex')}`);
}); });
@@ -106,7 +106,7 @@ async function hashPassword(password: string): Promise<string> {
async function verifyPassword(password: string, hash: string): Promise<boolean> { async function verifyPassword(password: string, hash: string): Promise<boolean> {
const [salt, key] = hash.split(':'); const [salt, key] = hash.split(':');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived)); resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
}); });

4
products/05-aws-cost-anomaly/src/auth/middleware.ts
View File

@@ -96,7 +96,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
async function hashPassword(password: string): Promise<string> { async function hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(16).toString('hex'); const salt = crypto.randomBytes(16).toString('hex');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(`${salt}:${derived.toString('hex')}`); resolve(`${salt}:${derived.toString('hex')}`);
}); });
@@ -106,7 +106,7 @@ async function hashPassword(password: string): Promise<string> {
async function verifyPassword(password: string, hash: string): Promise<boolean> { async function verifyPassword(password: string, hash: string): Promise<boolean> {
const [salt, key] = hash.split(':'); const [salt, key] = hash.split(':');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived)); resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
}); });

4
products/06-runbook-automation/saas/src/auth/middleware.ts
View File

@@ -96,7 +96,7 @@ export function signToken(payload: AuthPayload, secret: string, expiresIn = '24h
async function hashPassword(password: string): Promise<string> { async function hashPassword(password: string): Promise<string> {
const salt = crypto.randomBytes(16).toString('hex'); const salt = crypto.randomBytes(16).toString('hex');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(`${salt}:${derived.toString('hex')}`); resolve(`${salt}:${derived.toString('hex')}`);
}); });
@@ -106,7 +106,7 @@ async function hashPassword(password: string): Promise<string> {
async function verifyPassword(password: string, hash: string): Promise<boolean> { async function verifyPassword(password: string, hash: string): Promise<boolean> {
const [salt, key] = hash.split(':'); const [salt, key] = hash.split(':');
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1 }, (err, derived) => { crypto.scrypt(password, salt, 64, { N: 65536, r: 8, p: 1, maxmem: 128 * 1024 * 1024 }, (err, derived) => {
if (err) reject(err); if (err) reject(err);
resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived)); resolve(crypto.timingSafeEqual(Buffer.from(key, 'hex'), derived));
}); });