Scene 1
After finishing a pbkdf2-based password hashing module and deploying, the website instantly exploded.
Upon loading, I got:
1 | TypeError: can't access property "from", n is undefined |
I asked ChatGPT and StackOverflow, but I have no idea what the meow is going on! So I stopped programming for a while.
After several minutes, it came to me that I’d better run it locally, so that variable names are not obsfucated. I got:
1 | TypeError: can't access property "from", Buffer is undefined |
I checked the code, and noticed that the Buffer
comes from buffer.Buffer
. I asked ChatGPT and StackOverflow again, still not getting any clues. So I gave up again.
Fix
After several hours, I decided to try again. Just when I’m about to give up, I tried installing buffer
library, and everything worked!
It seemed that pbkdf2
library can’t resolve it’s dependencies well, this is why JS is bad.
Scene 2
A JavaScript function terminated the whole call stack without throwing an error. This is what happened to my blood pressure.
I changed my code to:
1 | export function hash(password, saltString) { |
and I got 3 zeros being logged. The pbkdf2
meowed up again!
I changed the code to the following, to see if it’s because type of salt
changed to TypedArray
:
1 | export function hash(password, saltString) { |
The function stuck at the second pbkdf2Sync
! Note that salt
is indeed a Uint8Array(32)
, and this actually works in account frontend!
Let’s do a comparison:
Code in account-frontend
1 | export function hash(password, salt) { |
1 | hashing password with salt 237,154,219,59,23,19,10,206,7,62,20,221,187,178,16,34,27,129,234,68,237,195,38,224,75,61,124,108,96,44,222,129 |
Code in cloud-ide
1 | export function hash(password, saltStr) { |
1 | hashing password with salt 237,154,219,59,23,19,10,206,7,62,20,221,187,178,16,34,27,129,234,68,237,195,38,224,75,61,124,108,96,44,222,129 |
And nothing following!
I made a better comparison:
1 | export function hash(password, saltStr) { |
The first call of pbkdf2Sync
failed!
Fix
Reinstalling pbkdf2
package solves the problem.