summaryrefslogtreecommitdiff
path: root/pkg/model/account.go
diff options
context:
space:
mode:
authorJulien Dessaux2024-11-16 00:36:17 +0100
committerJulien Dessaux2024-11-16 00:36:17 +0100
commit5b6da560896970c610c691dff6ed052a57ed5a1d (patch)
tree7ec12f39943513230659d3068d59e8687770f053 /pkg/model/account.go
parentfix(tfstated): return 403 Forbidden on non existent account (diff)
downloadtfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.gz
tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.tar.bz2
tfstated-5b6da560896970c610c691dff6ed052a57ed5a1d.zip
fix(tfstated): hash passwords instead of relying on the database encryption key
Diffstat (limited to 'pkg/model/account.go')
-rw-r--r--pkg/model/account.go42
1 files changed, 34 insertions, 8 deletions
diff --git a/pkg/model/account.go b/pkg/model/account.go
index 86032b8..4336dfa 100644
--- a/pkg/model/account.go
+++ b/pkg/model/account.go
@@ -1,15 +1,41 @@
package model
-import "time"
+import (
+ "crypto/sha256"
+ "crypto/subtle"
+ "time"
+
+ "git.adyxax.org/adyxax/tfstated/pkg/scrypto"
+ "golang.org/x/crypto/pbkdf2"
+)
+
+const (
+ PBKDF2Iterations = 600000
+ SaltSize = 32
+)
type AccountContextKey struct{}
type Account struct {
- Id int
- Username string
- Password string
- IsAdmin bool
- Created time.Time
- LastLogin time.Time
- Settings any
+ Id int
+ Username string
+ Salt []byte
+ PasswordHash []byte
+ IsAdmin bool
+ Created time.Time
+ LastLogin time.Time
+ Settings any
+}
+
+func (account *Account) CheckPassword(password string) bool {
+ hash := HashPassword(password, account.Salt)
+ return subtle.ConstantTimeCompare(hash, account.PasswordHash) == 1
+}
+
+func GenerateSalt() []byte {
+ return scrypto.RandomBytes(SaltSize)
+}
+
+func HashPassword(password string, salt []byte) []byte {
+ return pbkdf2.Key([]byte(password), salt, PBKDF2Iterations, 32, sha256.New)
}