auth.go: use hashed/salted passwords instead of plaintext

Thomas Preisner 2018-09-22 14:59:15 +02:00
parent 892c4b27ac
commit 32bf03dc07
2 changed files with 8 additions and 6 deletions


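--- a/auth.go
+++ b/auth.go
@@ -1,16 +1,18 @@
 package main
 import (
-	"crypto/subtle"
+	"golang.org/x/crypto/bcrypt"
 	"database/sql"
 	"fmt"
 	"net/http"
 )
 func authenticateUser(db *sql.DB, username, password string) bool {
-	pass, ok := getPasswordForUser(db, username)
+	hashedPassword, ok := getPasswordForUser(db, username)
 	if ok {
-		return subtle.ConstantTimeCompare([]byte(pass), []byte(password)) == 1
+		err := bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
+		//TODO: print error message?
+		return err == nil
 	} else {
 		return false
 	}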
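Review bot: An unknown username now returns from the `else` branch without doing any bcrypt work, so the response time differs by roughly one bcrypt cost between "no such user" and "wrong password", which lets a client enumerate valid usernames from timing alone. The compare should run against a fixed dummy hash when `ok` is false, as sketched below, where `dummyHash` is a package-level `[]byte` produced once by `bcrypt.GenerateFromPassword` at the same cost as the stored hashes. The `//TODO: print error message?` should be resolved by logging server-side (never returning to the client) any error other than `bcrypt.ErrMismatchedHashAndPassword`, because such an error means the stored value is not a valid bcrypt hash — for instance a row still holding a plaintext password from before this change, if existing rows are not rehashed — and today it is indistinguishable from a wrong password; the sketch uses `log.Printf`, which needs a `log` import. The function's closing brace is not shown in this section.
```go
func authenticateUser(db *sql.DB, username, password string) bool {
	hashedPassword, ok := getPasswordForUser(db, username)
	if !ok {
		// Do the same bcrypt work for an unknown user so the timing of
		// "no such user" matches "wrong password".
		hashedPassword = dummyHash
	}
	err := bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
	if err != nil && err != bcrypt.ErrMismatchedHashAndPassword {
		// Stored value is not a valid bcrypt hash; report server-side only.
		log.Printf("authenticateUser: %v", err)
	}
	return ok && err == nil
}
```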


@ -43,14 +43,14 @@ func prepareDatabase() (*sql.DB, error) {
return db, nil return db, nil
} }
func getPasswordForUser(db *sql.DB, username string) (string, bool) { func getPasswordForUser(db *sql.DB, username string) ([]byte, bool) {
var password string var password []byte
row := db.QueryRow("SELECT password FROM users WHERE username=$1", username) row := db.QueryRow("SELECT password FROM users WHERE username=$1", username)
err := row.Scan(&password) err := row.Scan(&password)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
return "", false return nil, false
} else { } else {
panic(err) panic(err)
} }