From e1906dd9a85d7e54b8d0c94a5c4681be7d73549e Mon Sep 17 00:00:00 2001
From: Nathan Anderson
Date: Fri, 4 Aug 2023 20:06:49 -0600
Subject: [PATCH] Fixed password hash and added salt to hash
---
 src/routes/user.zig | 4 ++--
 src/utils.zig | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/routes/user.zig b/src/routes/user.zig
index ca41010..3c16d16 100644
--- a/src/routes/user.zig
+++ b/src/routes/user.zig
@@ -42,7 +42,7 @@ pub fn login(req: *httpz.Request, res: *httpz.Response) !void {
 }
 var user: ?models.User = null;
- const password_hash = utils.hashPassword(body.password);
+ const password_hash = try utils.hashPassword(allocator, body.password);
 if (body.username != null) {
 const query = "WHERE pass_hash = ? and username = ?;";
@@ -107,7 +107,7 @@ pub fn signup(req: *httpz.Request, res: *httpz.Response) !void {
 // return;
 // }
- const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+ const password_hash = try utils.hashPassword(allocator, body.password);
 const now = @bitCast(u64, std.time.milliTimestamp());
 const uname_query =
diff --git a/src/utils.zig b/src/utils.zig
index 577a36c..943683d 100644
--- a/src/utils.zig
+++ b/src/utils.zig
@@ -1,6 +1,7 @@
 const std = @import("std");
 const HASH_SEED: u64 = 6065983110;
+const HASH_SALT: []const u8 = "ZnNLSRbY12DpPeMaPooKhOsxk7Qq325a2KF8EoIIeOaEz";
 fn SpreadResult(comptime Base: type, comptime Additional: type) type {
 comptime {
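Review bot: In `login`, the lookup `WHERE pass_hash = ? and username = ?` now receives a salted hash, while rows stored before this commit hold the unsalted value, so existing accounts will presumably stop matching; nothing in the diff migrates or resets them. Rows created through the old inline hash in `signup` (second hunk of this file) are affected the same way, and those were seeded with `auth.HASH_SEED` rather than the seed in utils.zig. A comment above the call such as `// pass_hash values written before HASH_SALT was introduced no longer verify; existing accounts need a reset path` would record this until a migration exists. `allocator` is defined outside the hunk and the body of `login` continues past it, so whether the allocation made by `hashPassword` is reclaimed per request cannot be checked here.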
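Review bot: `HASH_SALT` is a single constant shared by every account and committed with the source, so it behaves as a pepper stored in the repository rather than as a salt. Two users with the same password still get the same `pass_hash`, and anyone with read access to the code has the value. A per-user random salt stored next to the hash (filled with `std.crypto.random.bytes`) addresses the first point; a global secret, if wanted in addition, is better loaded from configuration at start-up than hard-coded. At minimum the constant should carry a doc comment saying what it is, e.g. `/// Application-wide value appended to every password before hashing; not a per-user salt.`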
@@ -125,8 +126,9 @@ pub fn generateRandomString(allocator: std.mem.Allocator) ![]const u8 {
 return code;
 }
-pub fn hashPassword(password: []const u8) u32 {
- const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, password));
+pub fn hashPassword(allocator: std.mem.Allocator, password: []const u8) !u32 {
+ const salted_password = try std.mem.concat(allocator, u8, &[_][]const u8{ password, HASH_SALT });
+ const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, salted_password));
 return password_hash;
 }
@@ -135,13 +137,16 @@ test {
 // const data = structConcatFields(vote, .{ .id2 = vote.id });
 // std.log.err("\n{any}\n", .{data});
- const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
- const date = removeStructFields(user, &[_]u8{4});
- std.debug.print("\n{any}\n", .{date});
+ // const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
+ // const date = removeStructFields(user, &[_]u8{4});
+ // std.debug.print("\n{any}\n", .{date});
 var gpa = std.testing.allocator_instance;
+ // _ = gpa;
 var allocator = gpa.allocator();
+ // _ = allocator;
- const code = try generateRandomString(allocator);
- std.debug.print("\nGot {s}\n", .{code});
+ // const code = try generateRandomString(allocator);
+ const hash = try hashPassword(allocator, "password");
+ std.debug.print("\nGot {}\n", .{hash});
 }
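Review bot: `hashPassword` still derives the stored value from `std.hash.Wyhash` truncated to 32 bits. Wyhash is a fast non-cryptographic hash, and a 32-bit result has so few possible values that different passwords will collide and a leaked `pass_hash` gives little protection against offline guessing. The standard library's `std.crypto.pwhash` module (argon2, bcrypt, scrypt) is intended for this; adopting it changes the return type from `u32` to an encoded string, so the `login` and `signup` call sites and the `pass_hash` column would change with it, and login would fetch the user by name and verify rather than match the hash in SQL. Independently, the buffer returned by `std.mem.concat` is never released; add `defer allocator.free(salted_password);` directly after the concat line. The function also has no doc comment; a `///` line stating that it allocates temporarily and can fail with `error.OutOfMemory` would explain the new signature.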
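Review bot: The test copies `std.testing.allocator_instance` into the local `gpa`, so allocations made through `gpa.allocator()` are tracked in that copy and the runner's leak check on the global instance will most likely not see them; the unfreed buffer in `hashPassword` therefore goes unreported. Replacing both lines with `const allocator = std.testing.allocator;` restores the leak check. The test also only prints the hash; an assertion such as `try std.testing.expectEqual(hash, try hashPassword(allocator, "password"));` would at least pin that the result is deterministic. The commented-out lines added here (`// _ = gpa;`, `// _ = allocator;` and the disabled `removeStructFields` and `generateRandomString` calls) are dead code and are better deleted than kept. The `test` block opens above the hunk.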