From 3553c7080ab51cfb33fd571437f891b7b24ff296 Mon Sep 17 00:00:00 2001
From: alemi <me@alemi.dev>
Date: Mon, 20 Nov 2023 03:01:27 +0100
Subject: [PATCH] fix: hash pwds

very basic but better than plaintext
---
 Cargo.toml             | 1 +
 src/routes/auth.rs     | 3 ++-
 src/routes/register.rs | 4 +++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index de5ab66..9429b53 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,3 +21,4 @@ tracing = "0.1"
 jwt = "0.16"
 sha2 = "0.10"
 hmac = "0.12"
+sha256 = "1.4.0"
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
index acbba17..0375ad2 100644
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
@@ -77,7 +77,8 @@ pub async fn authenticate(State(state): State<AppState>, Json(payload): Json<pro
 		.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;
 
 	if let Some(u) = user {
-		if payload.password == u.password {
+		let pwd_hash = sha256::digest(payload.password);
+		if pwd_hash == u.password {
 			let s = entities::property::Entity::find().filter(
 				entities::property::Column::UserId.eq(u.id)
 			).one(&state.db).await.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;
diff --git a/src/routes/register.rs b/src/routes/register.rs
index a8627c8..d1cbfc4 100644
--- a/src/routes/register.rs
+++ b/src/routes/register.rs
@@ -35,12 +35,14 @@ pub async fn register_unmigrated(State(state): State<AppState>, Json(payload): J
 	let name = profile.name.clone();
 	let uuid = profile.id;
 
+	let pwd_hash = sha256::digest(payload.password);
+
 	entities::user::Entity::insert(
 		entities::user::ActiveModel {
 			id: NotSet,
 			name: Set(name),
 			email: Set(user.username),
-			password: Set(payload.password),
+			password: Set(pwd_hash),
 			uuid: Set(uuid),
 		}
 	).exec(&state.db).await