From 50a6827bfd026693d43e17af01d5d09d73fa5305 Mon Sep 17 00:00:00 2001
From: Mannu
Date: Sun, 17 May 2026 12:57:33 +0530
Subject: [PATCH] fix(admin): use bcrypt in admin password set to match signin verification
Simple hash_ format stored by admin PATCH was incompatible with bcrypt verification in /api/auth/signin, causing "Invalid password" on login.
Co-Authored-By: Claude Sonnet 4.6
---
 src/app/api/admin/users/route.ts | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/src/app/api/admin/users/route.ts b/src/app/api/admin/users/route.ts
index 109f9d9..8612c4f 100644
--- a/src/app/api/admin/users/route.ts
+++ b/src/app/api/admin/users/route.ts
@@ -1,6 +1,7 @@
 import { NextResponse } from "next/server";
 import { requireAdmin } from "@/lib/admin-auth";
 import { sql } from "@/db";
+import bcrypt from "bcryptjs";
 // GET all users
 export async function GET(request: Request) {
@@ -100,19 +101,8 @@ export async function PATCH(request: Request) {
 return NextResponse.json({ error: "userId required" }, { status: 400 });
 }
- // Simple hash function
- function hashPassword(pwd: string): string {
- let hash = 0;
- for (let i = 0; i < pwd.length; i++) {
- const char = pwd.charCodeAt(i);
- hash = ((hash << 5) - hash) + char;
- hash = hash & hash;
- }
- return "hash_" + hash.toString(16);
- }
-
 if (password) {
- const passwordHash = hashPassword(password);
+ const passwordHash = await bcrypt.hash(password, 12);
 await sql` UPDATE users SET password_hash = ${passwordHash}, password_updated_at = NOW(), updated_at = NOW() WHERE id = ${userId}
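Review bot: `bcrypt.hash(password, 12)` in PATCH is guarded only by the truthiness test `if (password)`, so a non-string JSON value, a one-character password, or an input longer than bcrypt's 72-byte limit (the excess is ignored by the algorithm) all reach the hasher unchecked. A guard before the hash call would close that, e.g. `if (typeof password !== "string" || password.length < MIN_LEN || Buffer.byteLength(password, "utf8") > 72) return NextResponse.json({ error: "Invalid password" }, { status: 400 });` with `MIN_LEN` standing in for the project's policy value. Separately, rows already stored in the old `hash_` format are not migrated here; they presumably still fail signin, and a 32-bit non-cryptographic hash protects nothing if the table leaks, so a follow-up forcing a reset for `password_hash` values starting with `hash_` seems warranted. The PATCH body begins and ends outside the hunk, so some of this validation may already exist above.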