Add password hashing to loginHandler

Will create user management page for admins soon as well. This will be fine for the time being though -> https://www.dailycred.com/article/bcrypt-calculator for generating hashes.
2024-09-19 17:21:10 +01:00 · 2017-10-09 17:34:04 -07:00 · 2017-10-09 17:34:04 -07:00 · 84992b73eb
parent ef80d2bc20
commit 84992b73eb
4 changed files with 14 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,4 +21,5 @@ feed\.rss

 assets/static/custom\.css

-config\.json
+config\.json
+vendor/
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -17,6 +17,14 @@
 			"Comment": "v1.4.0-10-g18fca31",
 			"Rev": "18fca31550181693b3a834a15b74b564b3605876"
 		},
+		{
+			"ImportPath": "golang.org/x/crypto/bcrypt",
+			"Rev": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/blowfish",
+			"Rev": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3"
+		},
 		{
 			"ImportPath": "golang.org/x/sys/unix",
 			"Rev": "0b25a408a50076fbbcae6b7ac0ea5fbb0b085e79"
--- a/assets/config/users.json
+++ b/assets/config/users.json
@ -1,4 +1,4 @@
 {
-	"admin": "password1",
-	"gabriel": "password"
+	"admin": "$2a$04$ZAf88Bao4Q768vKfCaKBlOqtPumwKwFhrcpBCdfMWWFX69wyhgTqi",
+	"gabriel": "$2a$04$KrhZ1q6FpOGqs0FVKMYhQ.BTYeVXztnjrM9RbK.0buI1OHfmyNEAy"
 }
--- a/router/router.go
+++ b/router/router.go
@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"strings"
+	"golang.org/x/crypto/bcrypt"

 	"github.com/gorilla/mux"
 	"github.com/gmemstr/pogo/admin"
@ -146,7 +147,7 @@ func loginHandler() common.Handler {

 		// Iterate through map until we find matching username
 		for k, v := range u {
-			if k == username && v == password {
+			if k == username && bcrypt.CompareHashAndPassword([]byte(v), []byte(password)) == nil {
 				// Create a cookie here because the credentials are correct
 				c, err := auth.CreateSession(&common.User{
 					Username: k,