author | Julien Dessaux | 2024-11-16 00:36:17 +0100 |
committer | Julien Dessaux | 2024-11-16 00:36:17 +0100 |
commit | 5b6da560896970c610c691dff6ed052a57ed5a1d (patch) | |
tree | 7ec12f39943513230659d3068d59e8687770f053 /pkg/model/account.go | |
parent | fix(tfstated): return 403 Forbidden on non existent account (diff) | |
fix(tfstated): hash passwords instead of relying on the database encryption key
Diffstat (limited to 'pkg/model/account.go')
-rw-r--r-- | pkg/model/account.go | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/pkg/model/account.go b/pkg/model/account.go
index 86032b8..4336dfa 100644
--- a/pkg/model/account.go
+++ b/pkg/model/account.go
@@ -1,15 +1,41 @@
 package model
-import "time"
+import (
+ "crypto/sha256"
+ "crypto/subtle"
+ "time"
+
+ "git.adyxax.org/adyxax/tfstated/pkg/scrypto"
+ "golang.org/x/crypto/pbkdf2"
+)
+
+const (
+ PBKDF2Iterations = 600000
+ SaltSize = 32
+)
 type AccountContextKey struct{}
 type Account struct {
- Id int
- Username string
- Password string
- IsAdmin bool
- Created time.Time
- LastLogin time.Time
- Settings any
+ Id int
+ Username string
+ Salt []byte
+ PasswordHash []byte
+ IsAdmin bool
+ Created time.Time
+ LastLogin time.Time
+ Settings any
+}
+
+func (account *Account) CheckPassword(password string) bool {
+ hash := HashPassword(password, account.Salt)
+ return subtle.ConstantTimeCompare(hash, account.PasswordHash) == 1
+}
+
+func GenerateSalt() []byte {
+ return scrypto.RandomBytes(SaltSize)
+}
+
+func HashPassword(password string, salt []byte) []byte {
+ return pbkdf2.Key([]byte(password), salt, PBKDF2Iterations, 32, sha256.New)
 }
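Review bot: The exported `PBKDF2Iterations`, `SaltSize`, `CheckPassword`, `GenerateSalt` and `HashPassword` are all added without doc comments, and `HashPassword` hard-codes the derived-key length `32` that `CheckPassword` implicitly relies on; I would add `// HashPassword derives a PBKDF2-HMAC-SHA256 key of PasswordHashSize bytes from password and salt; the salt must be the one stored with the account.` and lift the length into the const block as `PasswordHashSize = 32`, used as `pbkdf2.Key([]byte(password), salt, PBKDF2Iterations, PasswordHashSize, sha256.New)`. `CheckPassword` behaves safely on an account whose `Salt` and `PasswordHash` are still empty (the constant-time compare fails on the length mismatch), but it still spends the full 600000 iterations, so if callers reject unknown accounts before reaching it (the parent commit's 403 suggests so, not visible here) the two outcomes differ measurably in time; a comment on that, or computing the hash on both paths, would close that gap. `scrypto.RandomBytes` is outside this diff, so the salt's quality depends on it drawing from `crypto/rand` and failing loudly rather than returning a short or zeroed slice, which I cannot confirm from here. The receiver name `account` is longer than Go convention; `a` would match the rest of the standard style.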