fix: hash pwds

very basic but better than plaintext

Cargo.toml

@@ -21,3 +21,4 @@ tracing = "0.1"
 jwt = "0.16"
 sha2 = "0.10"
 hmac = "0.12"
+sha256 = "1.4.0"

src/routes/auth.rs

@@ -77,7 +77,8 @@ pub async fn authenticate(State(state): State<AppState>, Json(payload): Json<pro
 		.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;
 
 	if let Some(u) = user {
-		if payload.password == u.password {
+		let pwd_hash = sha256::digest(payload.password);
+		if pwd_hash == u.password {
 			let s = entities::property::Entity::find().filter(
 				entities::property::Column::UserId.eq(u.id)
 			).one(&state.db).await.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, proto::Error::simple("db error").json()))?;

src/routes/register.rs

@@ -35,12 +35,14 @@ pub async fn register_unmigrated(State(state): State<AppState>, Json(payload): J
 	let name = profile.name.clone();
 	let uuid = profile.id;
 
+	let pwd_hash = sha256::digest(payload.password);
+
 	entities::user::Entity::insert(
 		entities::user::ActiveModel {
 			id: NotSet,
 			name: Set(name),
 			email: Set(user.username),
-			password: Set(payload.password),
+			password: Set(pwd_hash),
 			uuid: Set(uuid),
 		}
 	).exec(&state.db).await