Merge branch 'hashing-fix' into 'master'

Hashing fix See merge request rluv/zerver!1
2023-08-05 02:07:53 +00:00 · 2023-08-05 02:07:53 +00:00 · 1f5698c3fd
commit 1f5698c3fd
parent 6bba159e64 e1906dd9a8
3 changed files with 19 additions and 8 deletions
--- a/src/routes/auth.zig
+++ b/src/routes/auth.zig
@ -9,7 +9,6 @@ const utils = @import("../utils.zig");
 //TODO move these to env variables

 const key = "aGVyZUlzQUdpYmVyaXNoS2V5ISE=";
-pub const HASH_SEED: u64 = 6065983110;

 pub const VerifyAuthError = error{
    Unauthorized,
--- a/src/routes/user.zig
+++ b/src/routes/user.zig
@ -42,7 +42,7 @@ pub fn login(req: *httpz.Request, res: *httpz.Response) !void {
    }

    var user: ?models.User = null;
-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+    const password_hash = try utils.hashPassword(allocator, body.password);
    if (body.username != null) {
        const query =
            "WHERE pass_hash = ? and username = ?;";
@ -107,7 +107,7 @@ pub fn signup(req: *httpz.Request, res: *httpz.Response) !void {
    //     return;
    // }

-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+    const password_hash = try utils.hashPassword(allocator, body.password);
    const now = @bitCast(u64, std.time.milliTimestamp());

    const uname_query =
--- a/src/utils.zig
+++ b/src/utils.zig
@ -1,5 +1,8 @@
 const std = @import("std");

+const HASH_SEED: u64 = 6065983110;
+const HASH_SALT: []const u8 = "ZnNLSRbY12DpPeMaPooKhOsxk7Qq325a2KF8EoIIeOaEz";
+
 fn SpreadResult(comptime Base: type, comptime Additional: type) type {
    comptime {
        // const type_info = @typeInfo(Base);
@ -123,18 +126,27 @@ pub fn generateRandomString(allocator: std.mem.Allocator) ![]const u8 {
    return code;
 }

+pub fn hashPassword(allocator: std.mem.Allocator, password: []const u8) !u32 {
+    const salted_password = try std.mem.concat(allocator, u8, &[_][]const u8{ password, HASH_SALT });
+    const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, salted_password));
+    return password_hash;
+}
+
 test {
    // const vote = .{ .id = 0, .createdAt = "DATE" };
    // const data = structConcatFields(vote, .{ .id2 = vote.id });
    // std.log.err("\n{any}\n", .{data});

-    const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
-    const date = removeStructFields(user, &[_]u8{4});
-    std.debug.print("\n{any}\n", .{date});
+    // const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
+    // const date = removeStructFields(user, &[_]u8{4});
+    // std.debug.print("\n{any}\n", .{date});

    var gpa = std.testing.allocator_instance;
+    // _ = gpa;
    var allocator = gpa.allocator();
+    // _ = allocator;

-    const code = try generateRandomString(allocator);
-    std.debug.print("\nGot {s}\n", .{code});
+    // const code = try generateRandomString(allocator);
+    const hash = try hashPassword(allocator, "password");
+    std.debug.print("\nGot {}\n", .{hash});
 }