Using scrypt instead of Argon2 given it is a pure JS implementation and noders-argon2 rust implementation has issues on Vite/Vercel/etc.

package.json

@@ -31,7 +31,7 @@
 		"@sveltejs/adapter-auto": "^3.2.5",
 		"@sveltejs/enhanced-img": "^0.3.8",
 		"@sveltejs/kit": "^2.5.28",
-		"@sveltejs/vite-plugin-svelte": "^3.1.2",
+		"@sveltejs/vite-plugin-svelte": "4.0.0-next.7",
 		"@types/cookie": "^0.6.0",
 		"@types/node": "^20.16.5",
 		"@types/pg": "^8.11.10",

pnpm-lock.yaml

@@ -64,10 +64,10 @@ importers:
         version: 2.2.2
       '@sveltejs/adapter-node':
         specifier: ^5.2.3
-        version: 5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
+        version: 5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
       '@sveltejs/adapter-vercel':
         specifier: ^5.4.4
-        version: 5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
+        version: 5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
       '@types/feather-icons':
         specifier: ^4.29.4
         version: 4.29.4
@@ -106,7 +106,7 @@ importers:
         version: 4.29.2
       formsnap:
         specifier: ^1.0.1
-        version: 1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175))
+        version: 1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175))
       handlebars:
         specifier: ^4.7.8
         version: 4.7.8
@@ -197,16 +197,16 @@ importers:
         version: 1.47.2
       '@sveltejs/adapter-auto':
         specifier: ^3.2.5
-        version: 3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
+        version: 3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))
       '@sveltejs/enhanced-img':
         specifier: ^0.3.8
         version: 0.3.8(rollup@4.21.2)(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       '@sveltejs/kit':
         specifier: ^2.5.28
-        version: 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+        version: 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       '@sveltejs/vite-plugin-svelte':
-        specifier: ^3.1.2
+        specifier: 4.0.0-next.7
-        version: 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+        version: 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       '@types/cookie':
         specifier: ^0.6.0
         version: 0.6.0
@@ -296,10 +296,10 @@ importers:
         version: 2.0.1
       sveltekit-flash-message:
         specifier: ^2.4.4
-        version: 2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)
+        version: 2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)
       sveltekit-superforms:
         specifier: ^2.18.1
-        version: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)
+        version: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)
       tailwindcss:
         specifier: ^3.4.12
         version: 3.4.12(ts-node@10.9.2(@types/node@20.16.5)(typescript@5.6.2))
@@ -2017,19 +2017,19 @@ packages:
       svelte: ^4.0.0 || ^5.0.0-next.0
       vite: ^5.0.3
 
-  '@sveltejs/vite-plugin-svelte-inspector@2.1.0':
+  '@sveltejs/vite-plugin-svelte-inspector@3.0.0-next.3':
-    resolution: {integrity: sha512-9QX28IymvBlSCqsCll5t0kQVxipsfhFFL+L2t3nTWfXnddYwxBuAEtTtlaVQpRz9c37BhJjltSeY4AJSC03SSg==}
+    resolution: {integrity: sha512-kuGJ2CZ5lAw3gKF8Kw0AfKtUJWbwdlDHY14K413B0MCyrzvQvsKTorwmwZcky0+QqY6RnVIZ/5FttB9bQmkLXg==}
-    engines: {node: ^18.0.0 || >=20}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22}
     peerDependencies:
-      '@sveltejs/vite-plugin-svelte': ^3.0.0
+      '@sveltejs/vite-plugin-svelte': ^4.0.0-next.0||^4.0.0
-      svelte: ^4.0.0 || ^5.0.0-next.0
+      svelte: ^5.0.0-next.96 || ^5.0.0
       vite: ^5.0.0
 
-  '@sveltejs/vite-plugin-svelte@3.1.2':
+  '@sveltejs/vite-plugin-svelte@4.0.0-next.7':
-    resolution: {integrity: sha512-Txsm1tJvtiYeLUVRNqxZGKR/mI+CzuIQuc2gn+YCs9rMTowpNZ2Nqt53JdL8KF9bLhAf2ruR/dr9eZCwdTriRA==}
+    resolution: {integrity: sha512-yMUnAqquoayvBDztk1rWUgdtvjv7YcHgopCAB7sWl9SQht8U/7lqwTlJU0ZTAY09pFFRe6bbakd7YoiyyIvJiA==}
-    engines: {node: ^18.0.0 || >=20}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22}
     peerDependencies:
-      svelte: ^4.0.0 || ^5.0.0-next.0
+      svelte: ^5.0.0-next.96 || ^5.0.0
       vite: ^5.0.0
 
   '@swc/helpers@0.5.13':
@@ -4345,12 +4345,6 @@ packages:
     peerDependencies:
       svelte: ^4.0.0
 
-  svelte-hmr@0.16.0:
-    resolution: {integrity: sha512-Gyc7cOS3VJzLlfj7wKS0ZnzDVdv3Pn2IuVeJPk9m2skfhcu5bq3wtIZyQGggr7/Iim5rH5cncyQft/kRLupcnA==}
-    engines: {node: ^12.20 || ^14.13.1 || >= 16}
-    peerDependencies:
-      svelte: ^3.19.0 || ^4.0.0
-
   svelte-keyed@2.0.0:
     resolution: {integrity: sha512-7TeEn+QbJC2OJrHiuM0T8vMBkms3DNpTE+Ir+NtnVBnBMA78aL4f1ft9t0Hn/pBbD/TnIXi4YfjFRAgtN+DZ5g==}
     peerDependencies:
@@ -4724,8 +4718,8 @@ packages:
       terser:
         optional: true
 
-  vitefu@0.2.5:
+  vitefu@1.0.2:
-    resolution: {integrity: sha512-SgHtMLoqaeeGnd2evZ849ZbACbnwQCIwRH57t18FxcXoZop0uQu0uzlIhJBlF/eWVzuce0sHeqPcDo+evVcg8Q==}
+    resolution: {integrity: sha512-0/iAvbXyM3RiPPJ4lyD4w6Mjgtf4ejTK6TPvTNG3H32PLwuT0N/ZjJLiXug7ETE/LWtTeHw9WRv7uX/tIKYyKg==}
     peerDependencies:
       vite: ^3.0.0 || ^4.0.0 || ^5.0.0
     peerDependenciesMeta:
@@ -6137,22 +6131,22 @@ snapshots:
   '@sodaru/yup-to-json-schema@2.0.1':
     optional: true
 
-  '@sveltejs/adapter-auto@3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
+  '@sveltejs/adapter-auto@3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
     dependencies:
-      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       import-meta-resolve: 4.1.0
 
-  '@sveltejs/adapter-node@5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
+  '@sveltejs/adapter-node@5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
     dependencies:
       '@rollup/plugin-commonjs': 26.0.1(rollup@4.21.2)
       '@rollup/plugin-json': 6.1.0(rollup@4.21.2)
       '@rollup/plugin-node-resolve': 15.2.3(rollup@4.21.2)
-      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       rollup: 4.21.2
 
-  '@sveltejs/adapter-vercel@5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
+  '@sveltejs/adapter-vercel@5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))':
     dependencies:
-      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       '@vercel/nft': 0.27.4
       esbuild: 0.21.5
     transitivePeerDependencies:
@@ -6169,9 +6163,9 @@ snapshots:
     transitivePeerDependencies:
       - rollup
 
-  '@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
+  '@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
     dependencies:
-      '@sveltejs/vite-plugin-svelte': 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/vite-plugin-svelte': 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       '@types/cookie': 0.6.0
       cookie: 0.6.0
       devalue: 5.0.0
@@ -6187,26 +6181,25 @@ snapshots:
       tiny-glob: 0.2.9
       vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1)
 
-  '@sveltejs/vite-plugin-svelte-inspector@2.1.0(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
+  '@sveltejs/vite-plugin-svelte-inspector@3.0.0-next.3(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
     dependencies:
-      '@sveltejs/vite-plugin-svelte': 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/vite-plugin-svelte': 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       debug: 4.3.6
       svelte: 5.0.0-next.175
       vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1)
     transitivePeerDependencies:
       - supports-color
 
-  '@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
+  '@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))':
     dependencies:
-      '@sveltejs/vite-plugin-svelte-inspector': 2.1.0(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/vite-plugin-svelte-inspector': 3.0.0-next.3(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       debug: 4.3.6
       deepmerge: 4.3.1
       kleur: 4.1.5
       magic-string: 0.30.11
       svelte: 5.0.0-next.175
-      svelte-hmr: 0.16.0(svelte@5.0.0-next.175)
       vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1)
-      vitefu: 0.2.5(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      vitefu: 1.0.2(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
     transitivePeerDependencies:
       - supports-color
 
@@ -7253,11 +7246,11 @@ snapshots:
       cross-spawn: 7.0.3
       signal-exit: 4.1.0
 
-  formsnap@1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)):
+  formsnap@1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)):
     dependencies:
       nanoid: 5.0.7
       svelte: 5.0.0-next.175
-      sveltekit-superforms: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)
+      sveltekit-superforms: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)
 
   forwarded@0.2.0: {}
 
@@ -8667,10 +8660,6 @@ snapshots:
       svelte-render: 2.0.1(svelte@5.0.0-next.175)
       svelte-subscribe: 2.0.1(svelte@5.0.0-next.175)
 
-  svelte-hmr@0.16.0(svelte@5.0.0-next.175):
-    dependencies:
-      svelte: 5.0.0-next.175
-
   svelte-keyed@2.0.0(svelte@5.0.0-next.175):
     dependencies:
       svelte: 5.0.0-next.175
@@ -8762,14 +8751,14 @@ snapshots:
       magic-string: 0.30.11
       zimmerframe: 1.1.2
 
-  sveltekit-flash-message@2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175):
+  sveltekit-flash-message@2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175):
     dependencies:
-      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       svelte: 5.0.0-next.175
 
-  sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175):
+  sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175):
     dependencies:
-      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
+      '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))
       devalue: 5.0.0
       just-clone: 6.2.0
       memoize-weak: 1.0.2
@@ -9023,7 +9012,7 @@ snapshots:
       fsevents: 2.3.3
       sass: 1.79.1
 
-  vitefu@0.2.5(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)):
+  vitefu@1.0.2(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)):
     optionalDependencies:
       vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1)
 

src/lib/server/api/databases/seeds/users.ts

@@ -1,9 +1,8 @@
 import * as schema from '$lib/server/api/databases/tables'
 import type { db } from '$lib/server/api/packages/drizzle'
 import { eq } from 'drizzle-orm'
-import { Argon2id } from 'oslo/password'
-import { config } from '../../common/config'
 import users from './data/users.json'
+import { HashingService } from '../../services/hashing.service'
 
 type JsonRole = {
 	name: string
@@ -11,6 +10,7 @@ type JsonRole = {
 }
 
 export default async function seed(db: db) {
+	const hashingService = new HashingService()
 	const adminRole = await db.select().from(schema.rolesTable).where(eq(schema.rolesTable.name, 'admin'))
 	const userRole = await db.select().from(schema.rolesTable).where(eq(schema.rolesTable.name, 'user'))
 
@@ -32,7 +32,7 @@ export default async function seed(db: db) {
 	await db.insert(schema.credentialsTable).values({
 		user_id: adminUser[0].id,
 		type: schema.CredentialsType.PASSWORD,
-		secret_data: await new Argon2id().hash(`${process.env.ADMIN_PASSWORD}`),
+		secret_data: await hashingService.hash(`${process.env.ADMIN_PASSWORD}`),
 	})
 
 	await db.insert(schema.collections).values({ user_id: adminUser[0].id }).onConflictDoNothing()
@@ -60,6 +60,7 @@ export default async function seed(db: db) {
 		.onConflictDoNothing()
 
 	console.log('Admin user given user role.')
+	const hasingService = new HashingService()
 	await Promise.all(
 		users.map(async (user) => {
 			const [insertedUser] = await db
@@ -71,7 +72,7 @@ export default async function seed(db: db) {
 			await db.insert(schema.credentialsTable).values({
 				user_id: insertedUser?.id,
 				type: schema.CredentialsType.PASSWORD,
-				secret_data: await new Argon2id().hash(user.password),
+				secret_data: await hasingService.hash(user.password),
 			})
 			await db.insert(schema.collections).values({ user_id: insertedUser?.id })
 			await db.insert(schema.wishlistsTable).values({ user_id: insertedUser?.id })

src/lib/server/api/mockTest.ts

@@ -1,10 +0,0 @@
-import { Argon2id } from "oslo/password";
-
-export async function hash(value: string) {
-  const argon2 = new Argon2id()
-  return argon2.hash(value);
-}
-
-export function verify(hashedValue: string, value: string) {
-  return new Argon2id().verify(hashedValue, value);
-}

src/lib/server/api/services/drizzle.service.ts

@@ -7,7 +7,7 @@ import { type Disposable, injectable } from 'tsyringe'
 @injectable()
 export class DrizzleService implements Disposable {
 	protected readonly pool: pg.Pool
-	readonly db: NodePgDatabase<typeof schema>
+	db: NodePgDatabase<typeof schema>
 	readonly schema: typeof schema = schema
 
 	constructor() {

src/lib/server/api/services/hashing.service.ts

@@ -1,34 +1,51 @@
-import { injectable } from "tsyringe";
+import { scrypt } from 'node:crypto'
-import { Argon2id } from "oslo/password";
+import { decodeHex, encodeHexLowerCase } from '@oslojs/encoding'
+import { constantTimeEqual } from '@oslojs/crypto/subtle'
+import { injectable } from 'tsyringe'
 
-/* ---------------------------------- Note ---------------------------------- */
-/*
-Reference: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
-
-I use Scrpt as the hashing algorithm due to its higher compatability
-with vite's build system and it uses less memory than Argon2id.
-
-You can use Argon2id or any other hashing algorithm you prefer.
-*/
-/* -------------------------------------------------------------------------- */
-/*
-With Argon2id, you get the following error at times when vite optimizes its dependencies at times,
-
-Error: Build failed with 2 errors:
-node_modules/.pnpm/@node-rs+argon2@1.7.0/node_modules/@node-rs/argon2/index.js:159:36: ERROR: No loader is configured for ".node" files: node_module
-*/
-/* -------------------------------------------------------------------------- */
-// If you don't use a hasher from oslo, which are preconfigured with recommended parameters from OWASP,
-// ensure that you configure them properly.
 @injectable()
 export class HashingService {
-  private readonly hasher = new Argon2id();
+	private N: number
+	private r: number
+	private p: number
+	private dkLen: number
 
-  async hash(data: string) {
+	constructor() {
-    return this.hasher.hash(data);
+		this.N = 16384
-  }
+		this.r = 16
+		this.p = 1
+		this.dkLen = 64
+	}
+	async hash(password: string) {
+		const salt = encodeHexLowerCase(crypto.getRandomValues(new Uint8Array(16)))
+		const key = await this.generateKey(password, salt)
+		return `${salt}:${encodeHexLowerCase(key)}`
+	}
 
-  async verify(hash: string, data: string) {
+	async verify(hash: string, password: string) {
-    return this.hasher.verify(hash, data)
+		const [salt, key] = hash.split(':')
-  }
+		const targetKey = await this.generateKey(password, salt)
+		return constantTimeEqual(targetKey, decodeHex(key))
+	}
+
+	async generateKey(password: string, salt: string): Promise<Buffer> {
+		return await new Promise((resolve, reject) => {
+			scrypt(
+				password.normalize('NFKC'),
+				salt,
+				this.dkLen,
+				{
+					N: this.N,
+					p: this.p,
+					r: this.r,
+					// errors when 128 * N * r > `maxmem` (approximately)
+					maxmem: 128 * this.N * this.r * 2,
+				},
+				(err, buff) => {
+					if (err) return reject(err)
+					return resolve(buff)
+				},
+			)
+		})
+	}
 }

src/lib/server/api/services/recovery-codes.service.ts

@@ -1,12 +1,15 @@
 import 'reflect-metadata'
 import { RecoveryCodesRepository } from '$lib/server/api/repositories/recovery-codes.repository'
 import { alphabet, generateRandomString } from 'oslo/crypto'
-import { Argon2id } from 'oslo/password'
 import { inject, injectable } from 'tsyringe'
+import { HashingService } from './hashing.service'
 
 @injectable()
 export class RecoveryCodesService {
-	constructor(@inject(RecoveryCodesRepository) private readonly recoveryCodesRepository: RecoveryCodesRepository) {}
+	constructor(
+		@inject(HashingService) private readonly hashingService: HashingService,
+		@inject(RecoveryCodesRepository) private readonly recoveryCodesRepository: RecoveryCodesRepository
+	) {}
 
 	async findAllRecoveryCodesByUserId(userId: string) {
 		return this.recoveryCodesRepository.findAllByUserId(userId)
@@ -16,7 +19,7 @@ export class RecoveryCodesService {
 		const createdRecoveryCodes = Array.from({ length: 5 }, () => generateRandomString(10, alphabet('A-Z', '0-9')))
 		if (createdRecoveryCodes && userId) {
 			for (const code of createdRecoveryCodes) {
-				const hashedCode = await new Argon2id().hash(code)
+				const hashedCode = await this.hashingService.hash(code)
 				console.log('Inserting recovery code', code, hashedCode)
 				await this.recoveryCodesRepository.create({ userId, code: hashedCode })
 			}

src/lib/server/api/tests/tokens.service.test.ts

@@ -1,5 +1,4 @@
 import 'reflect-metadata'
-import { Argon2id } from 'oslo/password'
 import { container } from 'tsyringe'
 import { afterAll, beforeAll, describe, expect, expectTypeOf, it, vi } from 'vitest'
 import { HashingService } from '../services/hashing.service'
@@ -19,7 +18,7 @@ describe('TokensService', () => {
 
 	describe('Generate Token', () => {
 		it('should resolve', async () => {
-			const hashedPassword = await new Argon2id().hash('111')
+			const hashedPassword = 'testhash'
 			hashingService.hash = vi.fn().mockResolvedValue(hashedPassword)
 			const spy_hashingService_hash = vi.spyOn(hashingService, 'hash')
 			const spy_hashingService_verify = vi.spyOn(hashingService, 'verify')
@@ -28,7 +27,7 @@ describe('TokensService', () => {
 			expect(spy_hashingService_verify).toBeCalledTimes(0)
 		})
 		it('should generate a token that is verifiable', async () => {
-			hashingService.hash = vi.fn().mockResolvedValue(await new Argon2id().hash('111'))
+			hashingService.hash = vi.fn().mockResolvedValue('testhash')
 			hashingService.verify = vi.fn().mockResolvedValue(true)
 			const spy_hashingService_hash = vi.spyOn(hashingService, 'hash')
 			const spy_hashingService_verify = vi.spyOn(hashingService, 'verify')

src/lib/server/api/tests/users.service.test.ts

@@ -1,12 +1,12 @@
 import 'reflect-metadata'
 import { CredentialsType } from '$lib/server/api/databases/tables'
 import { faker } from '@faker-js/faker'
-import { Argon2id } from 'oslo/password'
 import { container } from 'tsyringe'
 import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest'
 import { CredentialsRepository } from '../repositories/credentials.repository'
 import { UsersRepository } from '../repositories/users.repository'
 import { CollectionsService } from '../services/collections.service'
+import { DrizzleService } from '../services/drizzle.service'
 import { TokensService } from '../services/tokens.service'
 import { UserRolesService } from '../services/user_roles.service'
 import { UsersService } from '../services/users.service'
@@ -15,21 +15,44 @@ import { WishlistsService } from '../services/wishlists.service'
 describe('UsersService', () => {
 	let service: UsersService
 	const credentialsRepository = vi.mocked(CredentialsRepository.prototype)
+	const drizzleService = vi.mocked(DrizzleService.prototype, { deep: true })
 	const tokensService = vi.mocked(TokensService.prototype)
 	const usersRepository = vi.mocked(UsersRepository.prototype)
 	const userRolesService = vi.mocked(UserRolesService.prototype)
 	const wishlistsService = vi.mocked(WishlistsService.prototype)
 	const collectionsService = vi.mocked(CollectionsService.prototype)
 
+	// Mocking the dependencies
+	vi.mock('pg', () => ({
+		Pool: vi.fn().mockImplementation(() => ({
+			connect: vi.fn(),
+			end: vi.fn(),
+		})),
+	}))
+
+	vi.mock('drizzle-orm/node-postgres', () => ({
+		drizzle: vi.fn().mockImplementation(() => ({
+			transaction: vi.fn().mockImplementation((callback) => callback()),
+			// Add other methods you need to mock
+		})),
+	}))
+
 	beforeAll(() => {
 		service = container
 			.register<CredentialsRepository>(CredentialsRepository, { useValue: credentialsRepository })
+			.register<DrizzleService>(DrizzleService, { useValue: drizzleService })
 			.register<TokensService>(TokensService, { useValue: tokensService })
 			.register<UsersRepository>(UsersRepository, { useValue: usersRepository })
 			.register<UserRolesService>(UserRolesService, { useValue: userRolesService })
 			.register<WishlistsService>(WishlistsService, { useValue: wishlistsService })
 			.register<CollectionsService>(CollectionsService, { useValue: collectionsService })
 			.resolve(UsersService)
+
+		drizzleService.db = {
+			transaction: vi.fn().mockImplementation(async (callback) => {
+				return await callback()
+			}),
+		} as any
 	})
 
 	afterAll(() => {
@@ -62,8 +85,11 @@ describe('UsersService', () => {
 
 	describe('Create User', () => {
 		it('should resolve', async () => {
-			const hashedPassword = new Argon2id().hash('111')
+			const hashedPassword = 'testhash'
 			tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword)
+			// drizzleService.db = {
+			// 	transaction: vi.fn().mockResolvedValue(dbUser satisfies Awaited<ReturnType<typeof drizzleService.db.transaction>>),
+			// }
 			usersRepository.create = vi.fn().mockResolvedValue(dbUser satisfies Awaited<ReturnType<typeof usersRepository.create>>)
 			credentialsRepository.create = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited<ReturnType<typeof credentialsRepository.create>>)
 			userRolesService.addRoleToUser = vi.fn().mockResolvedValue(undefined)
@@ -96,7 +122,7 @@ describe('UsersService', () => {
 	})
 	describe('Update User', () => {
 		it('should resolve Password Exiting Credentials', async () => {
-			const hashedPassword = new Argon2id().hash('111')
+			const hashedPassword = 'testhash'
 			tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword)
 			credentialsRepository.update = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited<ReturnType<typeof credentialsRepository.update>>)
 			credentialsRepository.findPasswordCredentialsByUserId = vi
@@ -112,7 +138,7 @@ describe('UsersService', () => {
 			expect(spy_credentialsRepository_update).toBeCalledTimes(1)
 		})
 		it('Should Create User Password No Existing Credentials', async () => {
-			const hashedPassword = new Argon2id().hash('111')
+			const hashedPassword = 'testhash'
 			tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword)
 			credentialsRepository.findPasswordCredentialsByUserId = vi.fn().mockResolvedValue(null)
 			credentialsRepository.create = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited<ReturnType<typeof credentialsRepository.create>>)

src/routes/(auth)/totp/+page.server.ts

@@ -4,8 +4,7 @@ import { twoFactorTable, usersTable } from '$lib/server/api/databases/tables'
 import { db } from '$lib/server/api/packages/drizzle'
 import { recoveryCodeSchema, totpSchema } from '$lib/validations/auth'
 import { type Actions, fail } from '@sveltejs/kit'
-import { and, eq } from 'drizzle-orm'
+import { eq } from 'drizzle-orm'
-import { Argon2id } from 'oslo/password'
 import { redirect } from 'sveltekit-flash-message/server'
 import { zod } from 'sveltekit-superforms/adapters'
 import { superValidate } from 'sveltekit-superforms/server'
@@ -268,21 +267,21 @@ function totpTimeElapsed(initiatedTime: Date) {
 	return false
 }
 
-async function checkRecoveryCode(recoveryCode: string, userId: string) {
+// async function checkRecoveryCode(recoveryCode: string, userId: string) {
-	const userRecoveryCodes = await db.query.recoveryCodesTable.findMany({
+// 	const userRecoveryCodes = await db.query.recoveryCodesTable.findMany({
-		where: and(eq(recoveryCodesTable.used, false), eq(recoveryCodesTable.userId, userId)),
+// 		where: and(eq(recoveryCodesTable.used, false), eq(recoveryCodesTable.userId, userId)),
-	})
+// 	})
-	for (const code of userRecoveryCodes) {
+// 	for (const code of userRecoveryCodes) {
-		const validRecoveryCode = await new Argon2id().verify(code.code, recoveryCode)
+// 		const validRecoveryCode = await new Argon2id().verify(code.code, recoveryCode)
-		if (validRecoveryCode) {
+// 		if (validRecoveryCode) {
-			await db
+// 			await db
-				.update(recoveryCodesTable)
+// 				.update(recoveryCodesTable)
-				.set({
+// 				.set({
-					used: true,
+// 					used: true,
-				})
+// 				})
-				.where(eq(recoveryCodesTable.id, code.id))
+// 				.where(eq(recoveryCodesTable.id, code.id))
-			return true
+// 			return true
-		}
+// 		}
-	}
+// 	}
-	return false
+// 	return false
-}
+// }