sha256 hash password. (#60)

2024-07-24 14:40:50 +12:00 · 2023-11-19 15:31:18 +01:00 · 2023-11-19 15:31:18 +01:00 · d9bcde3331
commit d9bcde3331
parent 9d1ea87128
3 changed files with 22 additions and 6 deletions
--- a/internal/config/member.go
+++ b/internal/config/member.go
@ -33,6 +33,11 @@ func (Member) Init(cmd *cobra.Command) error {
 		return err
 	}

+	cmd.PersistentFlags().Bool("member.file.hash", true, "member file provider: whether to hash passwords using sha256 (recommended)")
+	if err := viper.BindPFlag("member.file.hash", cmd.PersistentFlags().Lookup("member.file.hash")); err != nil {
+		return err
+	}
+
 	// object provider
 	cmd.PersistentFlags().String("member.object.users", "[]", "member object provider: users in JSON format")
 	if err := viper.BindPFlag("member.object.users", cmd.PersistentFlags().Lookup("member.object.users")); err != nil {
@ -68,6 +73,7 @@ func (s *Member) Set() {

 	// file provider
 	s.File.Path = viper.GetString("member.file.path")
+	s.File.Hash = viper.GetBool("member.file.hash")

 	// object provider
 	if err := viper.UnmarshalKey("member.object.users", &s.Object.Users, viper.DecodeHook(
--- a/internal/member/file/provider.go
+++ b/internal/member/file/provider.go
@ -1,6 +1,7 @@
 package file

 import (
+	"crypto/sha256"
 	"encoding/json"
 	"io"
 	"os"
@ -18,6 +19,17 @@ type MemberProviderCtx struct {
 	config Config
 }

+func (provider *MemberProviderCtx) hash(password string) string {
+	// if hash is disabled, return password as plain text
+	if !provider.config.Hash {
+		return password
+	}
+
+	sha256 := sha256.New()
+	sha256.Write([]byte(password))
+	return string(sha256.Sum(nil))
+}
+
 func (provider *MemberProviderCtx) Connect() error {
 	return nil
 }
@ -35,8 +47,7 @@ func (provider *MemberProviderCtx) Authenticate(username string, password string
 		return "", types.MemberProfile{}, err
 	}

-	// TODO: Use hash function.
-	if entry.Password != password {
+	if entry.Password != provider.hash(password) {
 		return "", types.MemberProfile{}, types.ErrMemberInvalidPassword
 	}

@ -58,8 +69,7 @@ func (provider *MemberProviderCtx) Insert(username string, password string, prof
 	}

 	entries[id] = MemberEntry{
-		// TODO: Use hash function.
-		Password: password,
+		Password: provider.hash(password),
 		Profile:  profile,
 	}

@ -94,8 +104,7 @@ func (provider *MemberProviderCtx) UpdatePassword(id string, password string) er
 		return types.ErrMemberDoesNotExist
 	}

-	// TODO: Use hash function.
-	entry.Password = password
+	entry.Password = provider.hash(password)
 	entries[id] = entry

 	return provider.serialize(entries)
--- a/internal/member/file/types.go
+++ b/internal/member/file/types.go
@ -11,4 +11,5 @@ type MemberEntry struct {

 type Config struct {
 	Path string
+	Hash bool
 }