Implement secure password comparison in AuthLogin class

[coderabbitai]

The current implementation of the AuthLogin class in libs/web/src/services/AuthLogin.ts uses plain text password comparison. For enhanced security, it is recommended to use a secure password comparison method such as bcrypt.

Suggested Changes

1. Install bcrypt library.
2. Modify the login method in the AuthLogin class to use bcrypt.compare for password comparison.

Example:

import bcrypt from 'bcrypt';

export class AuthLogin {
  private sequelize: Sequelize;

  constructor(sequelize: Sequelize) {
    this.sequelize = sequelize;
  }

  async login(
    username: string,
    password: string
  ): Promise<Omit<UserAttributes, "id"> | null> {
    log.debug("AuthLogin.login");
    log.debug(`username: ${username}`);
    const user = await User.findOne({
      where: {
        username,
      },
    });

    if (!user || !(await bcrypt.compare(password, user.password))) {
      return null;
    }

    return {
      username: user.username,
      password: user.password,
    };
  }
}

References

• bcrypt documentation

This change will ensure that passwords are compared securely, enhancing the overall security of the authentication process.

Requested by: @drazisil
Related PR: #17 (comment)

[drazisil]

TODO:

• create ability to insert encrypted logins