Implement password verification using Argon2 and Bcrypt in login route

Author: ysdragon

src/server/routes/auth.ts

@@ -1,5 +1,6 @@
 import { Router } from 'express';
 import bcrypt from 'bcrypt';
+import argon2 from 'argon2';
 import config from '../../config.js';
 import logger from '../../utils/logger.js';
 
@@ -14,9 +15,29 @@ router.get("/login", (req, res) => {
 });
 
 // Login route - POST
-router.post("/login", (req, res) => {
+router.post("/login", async (req, res) => {
 	const { username, password } = req.body;
-	if (username === config.server_username && bcrypt.compareSync(password, config.server_password)) {
+	
+	let isPasswordMatch = false;
+	
+	// Check if the stored password is a hash or plain text
+	if (config.server_password.startsWith('$argon2')) {
+		// Argon2 hash
+		try {
+			isPasswordMatch = await argon2.verify(config.server_password, password);
+		} catch (err) {
+			logger.error("Error verifying argon2 password:", err);
+			isPasswordMatch = false;
+		}
+	} else if (config.server_password.startsWith('$2')) {
+		// Bcrypt hash
+		isPasswordMatch = await bcrypt.compare(password, config.server_password);
+	} else {
+		// Plain text (not recommended)
+		isPasswordMatch = password === config.server_password;
+	}
+	
+	if (username === config.server_username && isPasswordMatch) {
 		(req.session as { user?: unknown }).user = username;
 		res.redirect("/");
 	} else {