Replace bcrypt with crypto

package.json

@@ -15,14 +15,11 @@
   "author": "",
   "license": "BSD",
   "optionalDependencies": {
-    "bcrypt": "^5.1.1",
-    "bcryptjs": "^2.4.3",
     "sha.js": "^2.4.11"
   },
   "devDependencies": {
     "@balena/abstract-sql-compiler": "^9.2.0",
     "@balena/lint": "^8.2.7",
-    "@types/bcrypt": "^5.0.2",
     "@types/chai": "^4.3.16",
     "@types/chai-datetime": "^0.0.39",
     "@types/mocha": "^10.0.6",

src/types/hashed.ts

@@ -1,14 +1,6 @@
-import type * as Bcrypt from 'bcrypt';
-
+import * as crypto from 'crypto';
 import * as TypeUtils from '../type-utils';
 
-let bcrypt: typeof Bcrypt;
-try {
-	bcrypt = require('bcrypt');
-} catch {
-	bcrypt = require('bcryptjs');
-}
-
 export const types = {
 	postgres: 'CHAR(60)',
 	mysql: 'CHAR(60)',
@@ -26,11 +18,29 @@ export const validate: TypeUtils.Validate<Types['Write'], DbWriteType> =
 		if (typeof value !== 'string') {
 			throw new Error('is not a string');
 		}
-		const salt = await bcrypt.genSalt();
-		return bcrypt.hash(value, salt);
+		const salt = crypto.randomBytes(16).toString('hex');
+		return new Promise((resolve, reject) => {
+			crypto.pbkdf2(value, salt, 1000, 64, 'sha512', (err, derivedKey) => {
+				if (err) {
+					reject(err);
+				}
+				resolve(derivedKey.toString('hex'));
+			});
+		});
 	});
 
-export const compare: (
-	data: string | Buffer,
-	encrypted: string,
-) => Promise<boolean> = bcrypt.compare.bind(bcrypt);
+export const compare = (data: string | Buffer, encrypted: string) => {
+	return new Promise<boolean>((resolve, reject) => {
+		const [storedHash, storedSalt] = encrypted.split('$');
+		if (!storedSalt) {
+			reject(new Error('Invalid hash'));
+			return;
+		}
+		crypto.pbkdf2(data, storedSalt, 1000, 64, 'sha512', (err, derivedKey) => {
+			if (err) {
+				return reject(err);
+			}
+			resolve(storedHash === derivedKey.toString('hex'));
+		});
+	});
+};