fix: hash pwds

very basic but better than plaintext
əlemi 2023-11-20 03:01:27 +01:00
parent 508569c90e
commit 3553c7080a
Signed by: alemi
GPG key ID: A4895B84D311642C
3 changed files with 6 additions and 2 deletions


@ -21,3 +21,4 @@ tracing = "0.1"
jwt = "0.16" jwt = "0.16"
sha2 = "0.10" sha2 = "0.10"
hmac = "0.12" hmac = "0.12"
sha256 = "1.4.0"
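Review bot: `sha256 = "1.4.0"` adds a second SHA-256 provider next to `sha2 = "0.10"`, which this manifest already lists two lines above. Every extra crate is one more upstream to audit and keep patched, and the same hex digest is available from the existing dependency, e.g. `format!("{:x}", sha2::Sha256::digest(payload.password.as_bytes()))` with `sha2::Digest` in scope. The dependency table itself starts outside the hunk, so other overlapping crates cannot be ruled out from here.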


@ -77,7 +77,8 @@ pub async fn authenticate(State(state): State<AppState>, Json(payload): Json<pro
.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?; .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;
if let Some(u) = user { if let Some(u) = user {
if payload.password == u.password { let pwd_hash = sha256::digest(payload.password);
if pwd_hash == u.password {
let s = entities::property::Entity::find().filter( let s = entities::property::Entity::find().filter(
entities::property::Column::UserId.eq(u.id) entities::property::Column::UserId.eq(u.id)
).one(&state.db).await.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?; ).one(&state.db).await.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;
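Review bot: The value compared at `if pwd_hash == u.password` is an unsalted, single-pass SHA-256 digest, which is a fast hash rather than a password-storage function: if the user table leaks, equal passwords share a digest and candidate passwords can be checked very cheaply offline. A salted, deliberately slow scheme (Argon2id, scrypt or bcrypt) fits here; with the `argon2` crate the check would look like `Argon2::default().verify_password(payload.password.as_bytes(), &parsed_hash).is_ok()`, where `parsed_hash` comes from `PasswordHash::new(&u.password)`, and that call also performs the comparison in constant time. The same digest is written at registration (`let pwd_hash = sha256::digest(payload.password);` in the `register_unmigrated` section), so both sides have to change together. Rows created before this commit presumably still hold plaintext and would stop matching once the login path hashes its input; no migration is visible on this page, so that needs confirming. `authenticate` begins and continues outside the hunk.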


@ -35,12 +35,14 @@ pub async fn register_unmigrated(State(state): State<AppState>, Json(payload): J
let name = profile.name.clone(); let name = profile.name.clone();
let uuid = profile.id; let uuid = profile.id;
let pwd_hash = sha256::digest(payload.password);
entities::user::Entity::insert( entities::user::Entity::insert(
entities::user::ActiveModel { entities::user::ActiveModel {
id: NotSet, id: NotSet,
name: Set(name), name: Set(name),
email: Set(user.username), email: Set(user.username),
password: Set(payload.password), password: Set(pwd_hash),
uuid: Set(uuid), uuid: Set(uuid),
} }
).exec(&state.db).await ).exec(&state.db).await