Fixed password hash and added salt to hash

This commit is contained in:
Nathan Anderson 2023-08-04 20:06:49 -06:00
parent 7abe33ecaa
commit e1906dd9a8
2 changed files with 14 additions and 9 deletions

View File

@ -42,7 +42,7 @@ pub fn login(req: *httpz.Request, res: *httpz.Response) !void {
} }
var user: ?models.User = null; var user: ?models.User = null;
const password_hash = utils.hashPassword(body.password); const password_hash = try utils.hashPassword(allocator, body.password);
if (body.username != null) { if (body.username != null) {
const query = const query =
"WHERE pass_hash = ? and username = ?;"; "WHERE pass_hash = ? and username = ?;";
@ -107,7 +107,7 @@ pub fn signup(req: *httpz.Request, res: *httpz.Response) !void {
// return; // return;
// } // }
const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password)); const password_hash = try utils.hashPassword(allocator, body.password);
const now = @bitCast(u64, std.time.milliTimestamp()); const now = @bitCast(u64, std.time.milliTimestamp());
const uname_query = const uname_query =

View File

@ -1,6 +1,7 @@
const std = @import("std"); const std = @import("std");
const HASH_SEED: u64 = 6065983110; const HASH_SEED: u64 = 6065983110;
const HASH_SALT: []const u8 = "ZnNLSRbY12DpPeMaPooKhOsxk7Qq325a2KF8EoIIeOaEz";
fn SpreadResult(comptime Base: type, comptime Additional: type) type { fn SpreadResult(comptime Base: type, comptime Additional: type) type {
comptime { comptime {
@ -125,8 +126,9 @@ pub fn generateRandomString(allocator: std.mem.Allocator) ![]const u8 {
return code; return code;
} }
pub fn hashPassword(password: []const u8) u32 { pub fn hashPassword(allocator: std.mem.Allocator, password: []const u8) !u32 {
const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, password)); const salted_password = try std.mem.concat(allocator, u8, &[_][]const u8{ password, HASH_SALT });
const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, salted_password));
return password_hash; return password_hash;
} }
@ -135,13 +137,16 @@ test {
// const data = structConcatFields(vote, .{ .id2 = vote.id }); // const data = structConcatFields(vote, .{ .id2 = vote.id });
// std.log.err("\n{any}\n", .{data}); // std.log.err("\n{any}\n", .{data});
const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 }; // const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
const date = removeStructFields(user, &[_]u8{4}); // const date = removeStructFields(user, &[_]u8{4});
std.debug.print("\n{any}\n", .{date}); // std.debug.print("\n{any}\n", .{date});
var gpa = std.testing.allocator_instance; var gpa = std.testing.allocator_instance;
// _ = gpa;
var allocator = gpa.allocator(); var allocator = gpa.allocator();
// _ = allocator;
const code = try generateRandomString(allocator); // const code = try generateRandomString(allocator);
std.debug.print("\nGot {s}\n", .{code}); const hash = try hashPassword(allocator, "password");
std.debug.print("\nGot {}\n", .{hash});
} }