diff options
Diffstat (limited to 'db')
-rw-r--r-- | db/db.go | 1 | ||||
-rw-r--r-- | db/session.go | 7 | ||||
-rw-r--r-- | db/user.go | 43 |
3 files changed, 18 insertions, 33 deletions
@@ -56,6 +56,7 @@ type Model interface { DeleteSession(session Session) error TouchSession(session Session) error CheckSession(session Session) (bool, error) + CheckSessionId(id string) (bool, error) CleanSessions(maxIdle time.Duration) error AllSessions() ([]Session, error) diff --git a/db/session.go b/db/session.go index 8590d2f..da081f9 100644 --- a/db/session.go +++ b/db/session.go @@ -90,6 +90,13 @@ func (p *Phlox) CheckSession(session Session) (bool, error) { } + +func (p *Phlox) CheckSessionId(id string) (bool, error) { + session := Session{ Id: id } + return p.CheckSession(session) +} + + func (p *Phlox) TouchSession(session Session) error { now := time.Now().UTC().Format(time.RFC3339) _, err := p.db.Exec( @@ -1,7 +1,7 @@ package db import ( - "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/argon2" "crypto/rand" "encoding/base64" "database/sql" @@ -23,21 +23,8 @@ func getNextUserId(db *sql.DB) (int, error) { } -func saltPassword(password string, salt []byte) []byte { - salted := []byte(password) - salted = append(salted, salt...) - return salted -} - - -func hashPassword(password string, salt []byte) ([]byte, error) { - salted := saltPassword(password, salt) - hash, err := bcrypt.GenerateFromPassword(salted, bcrypt.DefaultCost) - if err != nil { - return []byte{}, err - } - - return hash, nil +func hashPassword(password string, salt []byte) []byte { + return argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32) } @@ -55,10 +42,7 @@ func (p *Phlox) CreateUser(username, password string) (User, error) { return user, err } - hash, err := hashPassword(password, salt) - if err != nil { - return user, err - } + hash := hashPassword(password, salt) hash64 := base64.StdEncoding.EncodeToString(hash) salt64 := base64.StdEncoding.EncodeToString(salt) @@ -86,13 +70,10 @@ func (p *Phlox) DeleteUser(user User) error { func (p *Phlox) SetPassword(user User, password string) error { - hash, err := hashPassword(password, user.Salt) - if err != nil { - return err - } + hash := hashPassword(password, user.Salt) hash64 := base64.StdEncoding.EncodeToString(hash) - _, err = p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id) + _, err := p.db.Exec("update users set passwordhash=? where userid=?;", hash64, user.Id) return err } @@ -135,15 +116,11 @@ func (p *Phlox) AuthenticateUser(username, password string) (bool, User, error) return false, User{}, err } - salted := saltPassword(password, user.Salt) - err = bcrypt.CompareHashAndPassword(user.PasswordHash, salted) - if err != nil { - // bad password - return false, User{}, nil - } else { - // success! - return true, user, nil + hash := hashPassword(password, user.Salt) + for i, v := range user.PasswordHash { + if v != hash[i] { return false, user, nil; } } + return true, user, nil } |