doc: Fix 'pbkdf2Sync' encoding problem (#1805)

Maledong · web-flow · commit 9f95cf9b30cd · 2018-09-17T09:20:09.000+08:00
Ref: #1796. Since the '/newUser' request is encoded by 'sha512', and your corresponding '/auth' must also use 'sha512' as the digest encoding as well.
diff --git a/locale/en/docs/guides/simple-profiling.md b/locale/en/docs/guides/simple-profiling.md
@@ -63,9 +63,10 @@ app.get('/auth', (req, res) => {
     return res.sendStatus(400);
   }
 
-  const hash = crypto.pbkdf2Sync(password, users[username].salt, 10000, 512);
+  const { salt, hash } = users[username];
+  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');
 
-  if (users[username].hash.toString() === hash.toString()) {
+  if (crypto.timingSafeEqual(hash, encryptHash)) {
     res.sendStatus(200);
   } else {
     res.sendStatus(401);
diff --git a/locale/ko/docs/guides/simple-profiling.md b/locale/ko/docs/guides/simple-profiling.md
@@ -114,9 +114,10 @@ app.get('/auth', (req, res) => {
     return res.sendStatus(400);
   }
 
-  const hash = crypto.pbkdf2Sync(password, users[username].salt, 10000, 512);
+  const { salt, hash } = users[username];
+  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');
 
-  if (users[username].hash.toString() === hash.toString()) {
+  if (crypto.timingSafeEqual(hash, encryptHash)) {
     res.sendStatus(200);
   } else {
     res.sendStatus(401);
@@ -136,9 +137,10 @@ app.get('/auth', (req, res) => {
     return res.sendStatus(400);
   }
 
-  const hash = crypto.pbkdf2Sync(password, users[username].salt, 10000, 512);
+  const { salt, hash } = users[username];
+  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');
 
-  if (users[username].hash.toString() === hash.toString()) {
+  if (crypto.timingSafeEqual(hash, encryptHash)) {
     res.sendStatus(200);
   } else {
     res.sendStatus(401);
diff --git a/locale/uk/docs/guides/simple-profiling.md b/locale/uk/docs/guides/simple-profiling.md
@@ -63,9 +63,10 @@ app.get('/auth', (req, res) => {
     return res.sendStatus(400);
   }
 
-  const hash = crypto.pbkdf2Sync(password, users[username].salt, 10000, 512);
+  const { salt, hash } = users[username];
+  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');
 
-  if (users[username].hash.toString() === hash.toString()) {
+  if (crypto.timingSafeEqual(hash, encryptHash)) {
     res.sendStatus(200);
   } else {
     res.sendStatus(401);
diff --git a/locale/zh-cn/docs/guides/simple-profiling.md b/locale/zh-cn/docs/guides/simple-profiling.md
@@ -52,9 +52,10 @@ app.get('/auth', (req, res) => {
     return res.sendStatus(400);
   }
 
-  const hash = crypto.pbkdf2Sync(password, users[username].salt, 10000, 512);
+  const { salt, hash } = users[username];
+  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');
 
-  if (users[username].hash.toString() === hash.toString()) {
+  if (crypto.timingSafeEqual(hash, encryptHash)) {
     res.sendStatus(200);
   } else {
     res.sendStatus(401);
