celogeek/photos-api
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

encrypt password with more secure algo

Browse Source
This commit is contained in:
celogeek 2022-05-26 17:08:21 +02:00
parent 396c0fbc08
commit 7d69b35b9d
Signed by: celogeek
GPG Key ID: E6B7BDCFC446233A
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/photos/api/account.go
View File

@ -6,6 +6,7 @@ import (
"time" "time"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
"gorm.io/gorm" "gorm.io/gorm"
) )
@ -20,7 +21,7 @@ type Account struct {
ID uint32 `gorm:"primary_key" json:"-"` ID uint32 `gorm:"primary_key" json:"-"`
Login string `gorm:"unique;size:64;not null" json:"login"` Login string `gorm:"unique;size:64;not null" json:"login"`
Password string `gorm:"-" json:"-"` Password string `gorm:"-" json:"-"`
EncryptedPassword string `gorm:"size:44;not null" json:"-"` EncryptedPassword string `gorm:"size:60;not null" json:"-"`
CreatedAt time.Time `json:"created_at"` CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"-"` UpdatedAt time.Time `json:"-"`
} }
@ -33,9 +34,8 @@ func (a *Account) BeforeCreate(tx *gorm.DB) error {
} }
func (a *Account) EncryptPassword() { func (a *Account) EncryptPassword() {
ch := NewChecksum() b, _ := bcrypt.GenerateFromPassword([]byte(a.Password), 12)
ch.Write([]byte(a.Password)) a.EncryptedPassword = string(b)
a.EncryptedPassword = ch.String()
} }
func NewAccount(login string, password string) *Account { func NewAccount(login string, password string) *Account {
@ -95,7 +95,7 @@ func (s *Service) Login(c *gin.Context) {
session, err := NewSession(s.DB, account.Login, account.Password) session, err := NewSession(s.DB, account.Login, account.Password)
if err != nil { if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) { if errors.Is(err, gorm.ErrRecordNotFound) || errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
c.AbortWithError(http.StatusNotFound, ErrAccountAuth) c.AbortWithError(http.StatusNotFound, ErrAccountAuth)
} else { } else {
c.AbortWithError(http.StatusInternalServerError, err) c.AbortWithError(http.StatusInternalServerError, err)

9
internal/photos/api/session.go
View File

@ -8,6 +8,7 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/google/uuid" "github.com/google/uuid"
"golang.org/x/crypto/bcrypt"
"gorm.io/gorm" "gorm.io/gorm"
) )
@ -38,14 +39,16 @@ func (s *Session) BeforeCreate(tx *gorm.DB) error {
} }
func NewSession(tx *gorm.DB, login string, password string) (*Session, error) { func NewSession(tx *gorm.DB, login string, password string) (*Session, error) {
account := NewAccount(login, password) account := &Account{Login: login}
if err := tx.Where( if err := tx.Where(
"login = ? and encrypted_password = ?", "login = ?",
account.Login, account.Login,
account.EncryptedPassword,
).First(account).Error; err != nil { ).First(account).Error; err != nil {
return nil, err return nil, err
} }
if err := bcrypt.CompareHashAndPassword([]byte(account.EncryptedPassword), []byte(password)); err != nil {
return nil, err
}
session := &Session{Account: account} session := &Session{Account: account}
if err := tx.Create(session).Error; err != nil { if err := tx.Create(session).Error; err != nil {