Feat: Hash metrics password (#1778)

hash the metrics password

if it is not already hashed

src/server/utils/password.ts

@@ -1,4 +1,5 @@
 import argon2 from 'argon2';
+import { deserialize } from '@phc/format';
 
 /**
  * Checks if `password` matches the hash.
@@ -16,3 +17,21 @@ export function isPasswordValid(
 export async function hashPassword(password: string): Promise<string> {
   return argon2.hash(password);
 }
+
+/**
+ * Checks if the password hash is valid.
+ * This only checks if the hash is a valid PHC formatted string using argon2.
+ */
+export function isValidPasswordHash(hash: string): boolean {
+  try {
+    const obj = deserialize(hash);
+
+    if (obj.id !== 'argon2i' && obj.id !== 'argon2d' && obj.id !== 'argon2id') {
+      return false;
+    }
+
+    return true;
+  } catch {
+    return false;
+  }
+}