feat: hash utility

feat: hash user's password on register
feat: hash admin's password before creation
2025-05-21 21:17:55 +02:00 · 2025-05-21 21:17:50 +02:00 · 2025-05-21 21:17:41 +02:00 · 2025-05-21 21:17:30 +02:00
4 changed files with 37 additions and 2 deletions
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@ -81,6 +81,11 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if !util.VerifyPassword(params.Password, user.PasswordHash) {
+		web.Error(w, "username or/and password are incorrect", http.StatusBadRequest)
+		return
+	}
+
 	claims := types.UserClaims{
 		UserID: user.ID.String(),
 		RegisteredClaims: jwt.RegisteredClaims{
--- a/internal/user/admin.go
+++ b/internal/user/admin.go
@ -2,10 +2,12 @@ package user

 import (
 	"context"
+	"fmt"
 	"log"
 	"os"

 	"gitea.local/admin/hspguard/internal/repository"
+	"gitea.local/admin/hspguard/internal/util"
 	"github.com/google/uuid"
 )

@ -35,10 +37,16 @@ func EnsureAdminUser(ctx context.Context, repo *repository.Queries) {
 }

 func createAdmin(ctx context.Context, name, email, password string, repo *repository.Queries) (uuid.UUID, error) {
+	hash, err := util.HashPassword(password)
+	if err != nil {
+		var id uuid.UUID
+		return id, fmt.Errorf("failed to hash the admin password")
+	}
+
 	return repo.InsertUser(ctx, repository.InsertUserParams{
 		FullName:     name,
 		Email:        email,
-		PasswordHash: password,
+		PasswordHash: hash,
 		IsAdmin:      true,
 	})
 }
--- a/internal/user/routes.go
+++ b/internal/user/routes.go
@ -6,6 +6,7 @@ import (
 	"net/http"

 	"gitea.local/admin/hspguard/internal/repository"
+	"gitea.local/admin/hspguard/internal/util"
 	"gitea.local/admin/hspguard/internal/web"
 	"github.com/go-chi/chi/v5"
 )
@ -51,10 +52,16 @@ func (h *UserHandler) register(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	hash, err := util.HashPassword(params.Password)
+	if err != nil {
+		web.Error(w, "failed to create user account", http.StatusInternalServerError)
+		return
+	}
+
 	id, err := h.repo.InsertUser(context.Background(), repository.InsertUserParams{
 		FullName:     params.FullName,
 		Email:        params.Email,
-		PasswordHash: params.Password,
+		PasswordHash: hash,
 		IsAdmin:      false,
 	})
 	if err != nil {
--- a/internal/util/hash.go
+++ b/internal/util/hash.go
@ -0,0 +1,15 @@
+package util
+
+import "golang.org/x/crypto/bcrypt"
+
+// HashPassword generates a bcrypt hash for the given password.
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
+	return string(bytes), err
+}
+
+// VerifyPassword verifies if the given password matches the stored hash.
+func VerifyPassword(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
Author	SHA1	Message	Date
LandaMm	9473c83679	feat: hash utility	2025-05-21 21:17:55 +02:00
LandaMm	0b8c03e8c5	feat: hash user's password on register	2025-05-21 21:17:50 +02:00
LandaMm	55eb4c9862	feat: hash admin's password before creation	2025-05-21 21:17:41 +02:00
LandaMm	de28470432	feat: check passwords on login	2025-05-21 21:17:30 +02:00