feat: add DANGEROUSLY_DISABLE_PBKDF2_ITERATION option for demo

Author: joshunrau

.env.template

@@ -60,6 +60,9 @@ VERBOSE=false
 NODE_OPTIONS="--max-old-space-size=8192"
 # Enable rate limitting 
 THROTTLER_ENABLED=true
+# Disable iteration for password hashing (not recommended for production)
+# See https://pages.nist.gov/800-63-3/sp800-63b.html
+# DANGEROUSLY_DISABLE_PBKDF2_ITERATION=
 
 ## ---------------------------------
 ## DEVELOPMENT

apps/api/src/app.module.ts

@@ -34,6 +34,9 @@ import { UsersModule } from './users/users.module';
       inject: [ConfigurationService],
       isGlobal: true,
       useFactory: (configurationService: ConfigurationService) => ({
+        pbkdf2Params: {
+          iterations: configurationService.get('DANGEROUSLY_DISABLE_PBKDF2_ITERATION') ? 1 : 100_000
+        },
         secretKey: configurationService.get('SECRET_KEY')
       })
     }),

apps/api/src/configuration/configuration.schema.ts

@@ -14,6 +14,7 @@ export const $Configuration = z
   .object({
     API_DEV_SERVER_PORT: z.coerce.number().positive().int().optional(),
     API_PROD_SERVER_PORT: z.coerce.number().positive().int().default(80),
+    DANGEROUSLY_DISABLE_PBKDF2_ITERATION: $BooleanString.default(false),
     DEBUG: $BooleanString,
     GATEWAY_API_KEY: z.string().min(32),
     GATEWAY_DEV_SERVER_PORT: z.coerce.number().positive().int().optional(),