From 84992b73ebf1544a659925af9a53823945dfd946 Mon Sep 17 00:00:00 2001
From: gmemstr
Date: Mon, 9 Oct 2017 17:34:04 -0700
Subject: [PATCH] Add password hashing to loginHandler
Will create user management page for admins soon as well. This will be fine for the time being though -> https://www.dailycred.com/article/bcrypt-calculator for generating hashes.
---
 .gitignore | 3 ++-
 Godeps/Godeps.json | 8 ++++++++
 assets/config/users.json | 4 ++--
 router/router.go | 3 ++-
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index cc16a14..bdd0bbe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,4 +21,5 @@ feed\.rss
 assets/static/custom\.css
-config\.json
\ No newline at end of file
+config\.json
+vendor/
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 8630a87..709de63 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -17,6 +17,14 @@
 "Comment": "v1.4.0-10-g18fca31",
 "Rev": "18fca31550181693b3a834a15b74b564b3605876"
 },
+ {
+ "ImportPath": "golang.org/x/crypto/bcrypt",
+ "Rev": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3"
+ },
+ {
+ "ImportPath": "golang.org/x/crypto/blowfish",
+ "Rev": "9419663f5a44be8b34ca85f08abc5fe1be11f8a3"
+ },
 {
 "ImportPath": "golang.org/x/sys/unix",
 "Rev": "0b25a408a50076fbbcae6b7ac0ea5fbb0b085e79"
diff --git a/assets/config/users.json b/assets/config/users.json
index 3df03d2..80ff945 100644
--- a/assets/config/users.json
+++ b/assets/config/users.json
@@ -1,4 +1,4 @@
 {
- "admin": "password1",
- "gabriel": "password"
+ "admin": "$2a$04$ZAf88Bao4Q768vKfCaKBlOqtPumwKwFhrcpBCdfMWWFX69wyhgTqi",
+ "gabriel": "$2a$04$KrhZ1q6FpOGqs0FVKMYhQ.BTYeVXztnjrM9RbK.0buI1OHfmyNEAy"
 }
\ No newline at end of file
diff --git a/router/router.go b/router/router.go
index 74c9fc9..fc88522 100644
--- a/router/router.go
+++ b/router/router.go
@@ -7,6 +7,7 @@ import (
 "log"
 "net/http"
 "strings"
+ "golang.org/x/crypto/bcrypt"
 "github.com/gorilla/mux"
 "github.com/gmemstr/pogo/admin"
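Review bot: Both new values in assets/config/users.json start with `$2a$04$`, which is bcrypt cost 4, the minimum the library accepts (`bcrypt.MinCost`) and well below `bcrypt.DefaultCost` (10), so these hashes give little protection if the file leaks. The removed lines show the previous plaintext values; if the hashes were derived from those same passwords they should be treated as known and rotated, and default accounts in a tracked file are better replaced by a first-run setup step. The commit message points to a web calculator for producing hashes, which means entering the password on a third-party site; generating them locally with `bcrypt.GenerateFromPassword([]byte(pw), bcrypt.DefaultCost)` avoids that.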
@@ -146,7 +147,7 @@ func loginHandler() common.Handler {
 // Iterate through map until we find matching username
 for k, v := range u {
- if k == username && v == password {
+ if k == username && bcrypt.CompareHashAndPassword([]byte(v), []byte(password)) == nil {
 // Create a cookie here because the credentials are correct
 c, err := auth.CreateSession(&common.User{
 Username: k,
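Review bot: The new condition only tests the result of `bcrypt.CompareHashAndPassword` against nil, so a malformed or leftover plaintext entry in users.json fails exactly like a wrong password and nothing is recorded. Keeping the error, e.g. `err := bcrypt.CompareHashAndPassword([]byte(v), []byte(password))`, and logging anything that is not `bcrypt.ErrMismatchedHashAndPassword` would surface a broken user file. The `for k, v := range u` scan also means an unknown username never reaches a bcrypt comparison, so response time may differ between existing and non-existing accounts; a direct lookup `hash, ok := u[username]` with a comparison against a fixed dummy hash when `ok` is false would even that out. loginHandler starts and ends outside the hunk, so the handling after the loop is not visible here.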