From e1906dd9a85d7e54b8d0c94a5c4681be7d73549e Mon Sep 17 00:00:00 2001
From: Nathan Anderson <nathananderson98@gmail.com>
Date: Fri, 4 Aug 2023 20:06:49 -0600
Subject: [PATCH] Fixed password hash and added salt to hash

---
 src/routes/user.zig |  4 ++--
 src/utils.zig       | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/routes/user.zig b/src/routes/user.zig
index ca41010..3c16d16 100644
--- a/src/routes/user.zig
+++ b/src/routes/user.zig
@@ -42,7 +42,7 @@ pub fn login(req: *httpz.Request, res: *httpz.Response) !void {
     }
 
     var user: ?models.User = null;
-    const password_hash = utils.hashPassword(body.password);
+    const password_hash = try utils.hashPassword(allocator, body.password);
     if (body.username != null) {
         const query =
             "WHERE pass_hash = ? and username = ?;";
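Review bot: The login query matches on `pass_hash = ? and username = ?`, so the hash has to be computed before the user row is known, which rules out a per-user salt and leaves the comparison to the database. Since `hashPassword` returns a `u32`, any input that collides with the stored 32-bit value for that username would also match. Consider selecting the row by username only and then verifying the submitted password against the stored hash in code; the signup hunk at -107 stores the same value and would need to change with it. `allocator` is not defined in the visible lines and login's body continues outside the hunk, so whether the allocation is request-scoped cannot be confirmed here.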
@@ -107,7 +107,7 @@ pub fn signup(req: *httpz.Request, res: *httpz.Response) !void {
     //     return;
     // }
 
-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+    const password_hash = try utils.hashPassword(allocator, body.password);
     const now = @bitCast(u64, std.time.milliTimestamp());
 
     const uname_query =
diff --git a/src/utils.zig b/src/utils.zig
index 577a36c..943683d 100644
--- a/src/utils.zig
+++ b/src/utils.zig
@@ -1,6 +1,7 @@
 const std = @import("std");
 
 const HASH_SEED: u64 = 6065983110;
+const HASH_SALT: []const u8 = "ZnNLSRbY12DpPeMaPooKhOsxk7Qq325a2KF8EoIIeOaEz";
 
 fn SpreadResult(comptime Base: type, comptime Additional: type) type {
     comptime {
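Review bot: `HASH_SALT` is a single compile-time constant committed to the repository, so every account is hashed with the same, publicly readable value and two users with the same password get the same `pass_hash`. A salt only does its job when it is random per user and stored next to the hash; a shared secret of this kind is a pepper and belongs in runtime configuration rather than in source. Until that changes I would add a comment such as `// NOTE: global value, not a per-user salt; identical passwords hash identically`. The same applies to `HASH_SEED` on the line above.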
@@ -125,8 +126,9 @@ pub fn generateRandomString(allocator: std.mem.Allocator) ![]const u8 {
     return code;
 }
 
-pub fn hashPassword(password: []const u8) u32 {
-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, password));
+pub fn hashPassword(allocator: std.mem.Allocator, password: []const u8) !u32 {
+    const salted_password = try std.mem.concat(allocator, u8, &[_][]const u8{ password, HASH_SALT });
+    const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, salted_password));
     return password_hash;
 }
 
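Review bot: `hashPassword` still derives the stored value from `std.hash.Wyhash` truncated to `u32`, which is a fast non-cryptographic hash with only 32 bits of output; appending a salt does not make it suitable for password storage. A deliberately slow password hash from `std.crypto.pwhash` (argon2, bcrypt or scrypt), with its encoded string result stored in the column, would be the appropriate replacement, and that changes the return type and the schema. Independently of that, `salted_password` is never freed and keeps a copy of the plaintext password on the heap; at minimum add `defer allocator.free(salted_password);` after the concat, or feed both slices to the hasher without concatenating.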
@@ -135,13 +137,16 @@ test {
     // const data = structConcatFields(vote, .{ .id2 = vote.id });
     // std.log.err("\n{any}\n", .{data});
 
-    const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
-    const date = removeStructFields(user, &[_]u8{4});
-    std.debug.print("\n{any}\n", .{date});
+    // const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
+    // const date = removeStructFields(user, &[_]u8{4});
+    // std.debug.print("\n{any}\n", .{date});
 
     var gpa = std.testing.allocator_instance;
+    // _ = gpa;
     var allocator = gpa.allocator();
+    // _ = allocator;
 
-    const code = try generateRandomString(allocator);
-    std.debug.print("\nGot {s}\n", .{code});
+    // const code = try generateRandomString(allocator);
+    const hash = try hashPassword(allocator, "password");
+    std.debug.print("\nGot {}\n", .{hash});
 }
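Review bot: The test only prints the hash and asserts nothing, so it passes regardless of what `hashPassword` returns. Pin the behaviour with something like `try std.testing.expectEqual(hash, try hashPassword(allocator, "password"));` and delete the commented-out lines rather than keeping them. `var gpa = std.testing.allocator_instance;` appears to copy the allocator state, so the buffer leaked by `hashPassword` may go unreported; using `std.testing.allocator` directly would let the leak check catch it. The test block starts above the hunk.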