Diffstat (limited to 'db')
-rw-r--r--db/db.go1
-rw-r--r--db/session.go7
-rw-r--r--db/user.go43
3 files changed, 18 insertions, 33 deletions
diff --git a/db/db.go b/db/db.go
index d9b4578..c58f6ad 100644
--- a/db/db.go
+++ b/db/db.go
@@ -56,6 +56,7 @@ type Model interface {
DeleteSession(session Session) error
TouchSession(session Session) error
CheckSession(session Session) (bool, error)
+ CheckSessionId(id string) (bool, error)
CleanSessions(maxIdle time.Duration) error
AllSessions() ([]Session, error)
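Review bot: The new `CheckSessionId` method on the `Model` interface has no doc comment, and exported interface methods are where callers read the contract. Its implementation in db/session.go in this same commit just wraps a `Session{ Id: id }` in `CheckSession`, so a one-liner suffices: `// CheckSessionId is CheckSession for a session identified only by its id.` The `Id` spelling departs from Go's `ID` initialism convention but matches the existing `Session.Id` and `user.Id` fields in this package, so keeping it is the consistent choice. The `Model` interface begins before and ends after this hunk.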
diff --git a/db/session.go b/db/session.go
index 8590d2f..da081f9 100644
--- a/db/session.go
+++ b/db/session.go
@@ -90,6 +90,13 @@ func (p *Phlox) CheckSession(session Session) (bool, error) {
}
+
+func (p *Phlox) CheckSessionId(id string) (bool, error) {
+ session := Session{ Id: id }
+ return p.CheckSession(session)
+}
+
+
func (p *Phlox) TouchSession(session Session) error {
now := time.Now().UTC().Format(time.RFC3339)
_, err := p.db.Exec(
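Review bot: `CheckSessionId` is exported but undocumented, and the hunk is not gofmt-clean: `Session{ Id: id }` carries spaces inside the braces and the two added blank lines before `TouchSession` would be collapsed to one. Document the delegation, e.g. `// CheckSessionId is CheckSession for a session known only by its id; every other Session field is left at its zero value.` The wrapper also passes an empty id straight through; whether `CheckSession` matches a zero-valued Session on anything other than Id is outside this hunk, so confirm that an empty string cannot match a row before exposing this through the interface. `TouchSession` continues past the end of the hunk.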
diff --git a/db/user.go b/db/user.go
index 27e6f89..1aff73f 100644
--- a/db/user.go
+++ b/db/user.go
@@ -1,7 +1,7 @@
package db
import (
- "golang.org/x/crypto/bcrypt"
+ "golang.org/x/crypto/argon2"
"crypto/rand"
"encoding/base64"
"database/sql"
@@ -23,21 +23,8 @@ func getNextUserId(db *sql.DB) (int, error) {
}
-func saltPassword(password string, salt []byte) []byte {
- salted := []byte(password)
- salted = append(salted, salt...)
- return salted
-}
-
-
-func hashPassword(password string, salt []byte) ([]byte, error) {
- salted := saltPassword(password, salt)
- hash, err := bcrypt.GenerateFromPassword(salted, bcrypt.DefaultCost)
- if err != nil {
- return []byte{}, err
- }
-
- return hash, nil
+func hashPassword(password string, salt []byte) []byte {
+ return argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
}
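Review bot: The Argon2id parameters in `hashPassword` are bare literals, and the value stored by `CreateUser` (base64 of the raw 32-byte key, per the following hunk) carries no algorithm, version or parameter tag, so `1, 64*1024, 4, 32` can never be tuned later without breaking verification of every existing row. Lift them into named constants, `const argonTime, argonMemory, argonThreads, argonKeyLen = 1, 64*1024, 4, 32`, and state in the doc comment that they are part of the stored-hash format: `// hashPassword derives a 32-byte Argon2id key from password and salt; the parameters are fixed because stored hashes record none of them.` Nothing in this commit detects hashes written by the old bcrypt path either, so if any users exist in the database before this change their logins will fail until they are rehashed — a format prefix on the stored value would let a future migration tell the two apart. `getNextUserId` ends at the top of this hunk.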
@@ -55,10 +42,7 @@ func (p *Phlox) CreateUser(username, password string) (User, error) {
return user, err
}
- hash, err := hashPassword(password, salt)
- if err != nil {
- return user, err
- }
+ hash := hashPassword(password, salt)
hash64 := base64.StdEncoding.EncodeToString(hash)
salt64 := base64.StdEncoding.EncodeToString(salt)
@@ -86,13 +70,10 @@ func (p *Phlox) DeleteUser(user User) error {
func (p *Phlox) SetPassword(user User, password string) error {
- hash, err := hashPassword(password, user.Salt)
- if err != nil {
- return err
- }
+ hash := hashPassword(password, user.Salt)
hash64 := base64.StdEncoding.EncodeToString(hash)
- _, err = p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
+ _, err := p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id)
return err
}
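Review bot: `SetPassword` rehashes the new password with the caller-supplied `user.Salt` instead of drawing a fresh one, so a password change keeps the same salt for the life of the account and only `passwordhash` is updated. Generating a new salt here the way `CreateUser` evidently does before its hunk begins, and writing it in the same `update` statement, would give each password its own salt; the salt column name is not visible in this hunk, so extend the statement accordingly. The salt reuse predates this commit, but since the hash function is being replaced anyway this is the natural moment to fix it.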
@@ -135,15 +116,11 @@ func (p *Phlox) AuthenticateUser(username, password string) (bool, User, error)
return false, User{}, err
}
- salted := saltPassword(password, user.Salt)
- err = bcrypt.CompareHashAndPassword(user.PasswordHash, salted)
- if err != nil {
- // bad password
- return false, User{}, nil
- } else {
- // success!
- return true, user, nil
+ hash := hashPassword(password, user.Salt)
+ for i, v := range user.PasswordHash {
+ if v != hash[i] { return false, user, nil; }
}
+ return true, user, nil
}
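Review bot: The byte-by-byte loop at the end of `AuthenticateUser` both leaks timing and accepts any password when the stored hash is shorter than the freshly computed one: `range user.PasswordHash` iterates only over the stored bytes, so an empty or truncated `PasswordHash` falls through to `return true, user, nil`, while a stored hash longer than 32 bytes (a legacy bcrypt value, if any survive) would index past `hash` and panic rather than fail. Replace the loop with a length-checked constant-time compare from `crypto/subtle` (adding the import): `if subtle.ConstantTimeCompare(user.PasswordHash, hash) != 1 { return false, User{}, nil }` — it returns 0 when the lengths differ, so it covers both cases. Note also that the failure path now returns `user` instead of the previous `User{}`, handing the caller a populated record on a bad password; restoring `User{}` keeps the old contract. `AuthenticateUser`'s body starts before this hunk.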