changeset 17:acf064f0e934
Implement salted passwords
author | Lewin Bormann <lbo@spheniscida.de> |
---|---|
date | Mon, 11 Jul 2022 20:09:46 -0700 |
parents | be0b8268c936 |
children | ab4b3012fde3 |
files | Cargo.toml assets/index.html.hbs config_schema_sqlite.sql schema_sqlite.sql src/main.rs usertool/Cargo.toml usertool/src/main.rs |
diffstat | 7 files changed, 49 insertions(+), 12 deletions(-) [+] |
--- a/Cargo.toml Mon Jul 11 19:32:29 2022 -0700 +++ b/Cargo.toml Mon Jul 11 20:09:46 2022 -0700 @@ -22,3 +22,5 @@ sqlite = ["rocket_db_pools/sqlx_sqlite"] postgres = ["rocket_db_pools/sqlx_postgres"] +[workspace] +members = ["usertool"]
--- a/assets/index.html.hbs Mon Jul 11 19:32:29 2022 -0700 +++ b/assets/index.html.hbs Mon Jul 11 20:09:46 2022 -0700 @@ -15,6 +15,7 @@ #errortext { } #error { text-align: center; border-style: solid; border-color: #aa2222; margin-left: 30%; margin-right: 30%; } + .plottitle { text-align: center; } .plotrow { border-style: solid; border-color: blue; text-align: center; } .plotframe { border-style: solid; border-color: green; display: inline-block; margin: 5pt; } @@ -24,6 +25,8 @@ </head> <body> + + <!-- Header --> <div id="header"> <span id="logo">AnaLyrics</span> {{#if loggedin}} @@ -39,9 +42,10 @@ {{#if flash}}<div id="flash"><span id="flashtext">{{flash}}<span></div>{{/if}} {{#if error}}<div id="error"><span id="errortext">{{error}}</span></div>{{/if}} - <!-- Plots --> + <!-- Plots -- only shown when logged in. --> {{#if loggedin}} <div class="plotrow row1"> + <div class="plottitle">Visits and Sessions</div> <div class="plotframe fullwidth"> <canvas id="visitsAndSessions" height="100"></canvas> </div>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/config_schema_sqlite.sql Mon Jul 11 20:09:46 2022 -0700
@@ -0,0 +1,18 @@
+
+DROP TABLE IF EXISTS users;
+CREATE TABLE users (
+ id INTEGER PRIMARY KEY,
+ username TEXT NOT NULL,
+ name TEXT,
+ salt TEXT,
+ password_hash TEXT
+);
+
+DROP TABLE IF EXISTS domainpermissions;
+CREATE TABLE domainpermissions (
+ id INTEGER PRIMARY KEY,
+ username TEXT NOT NULL,
+ domain TEXT NOT NULL,
+
+ FOREIGN KEY (username) REFERENCES users (username)
+);
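Review bot: `users.username` is declared `TEXT NOT NULL` with no uniqueness constraint, yet `domainpermissions` references it as a foreign key and the login code in this changeset looks the user up by name with `LIMIT 1`. SQLite requires the parent column of a foreign key to be a PRIMARY KEY or UNIQUE, and duplicate usernames would make it ambiguous which salt and hash authenticate an account; `username TEXT NOT NULL UNIQUE,` addresses both. `salt` and `password_hash` should probably be `NOT NULL` as well, so that a row can never exist without credentials. SQLite also only enforces the reference when `PRAGMA foreign_keys = ON` is set on the connection, which is not visible in this changeset.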
--- a/schema_sqlite.sql Mon Jul 11 19:32:29 2022 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-
-DROP TABLE IF EXISTS users;
-CREATE TABLE users (
- id INTEGER PRIMARY KEY,
- username TEXT,
- name TEXT,
- salt TEXT,
- password_hash TEXT
-);
--- a/src/main.rs Mon Jul 11 19:32:29 2022 -0700
+++ b/src/main.rs Mon Jul 11 20:09:46 2022 -0700
@@ -49,8 +49,19 @@
 password: S,
 ) -> Result<bool, Error> {
 // TODO: salt passwords.
- let pwdhash = sha256::digest(password.as_ref());
- let q = sqlx::query("SELECT username FROM users WHERE username = ? AND password_hash = ?")
+ let salt: String = match sqlx::query("SELECT salt FROM users WHERE username = ? LIMIT 1;")
+ .bind(user.as_ref())
+ .fetch_one(&mut *self.0)
+ .await
+ {
+ Ok(r) => r.get(0),
+ Err(e) => {
+ warn!("Error querying salt: {}", e);
+ return Ok(false);
+ }
+ };
+ let pwdhash = sha256::digest(format!("{}{}", salt, password.as_ref()));
+ let q = sqlx::query("SELECT username FROM users WHERE username = ? AND password_hash = ?;")
 .bind(user.as_ref())
 .bind(pwdhash);
 let result = self.0.fetch_all(q).await?;
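Review bot: `sha256::digest(format!("{}{}", salt, password.as_ref()))` is a single pass of a fast hash, so the salt only defeats precomputed tables; if the `users` table leaks, each password can still be guessed offline at very high rates. A memory-hard password hashing function (Argon2id, scrypt or bcrypt) with a per-user random salt and its parameters stored next to the hash would be the appropriate construction, with the comparison done in Rust in constant time rather than by `AND password_hash = ?` in SQL. Separately, the early `return Ok(false)` when the salt lookup fails skips the hashing step, so response time can distinguish unknown from known usernames, and `r.get(0)` into a `String` will likely panic on a NULL `salt`, which the new schema permits; `try_get` would turn that into an error. The `// TODO: salt passwords.` comment kept as context is now stale and should be removed or reworded to track the move to a proper KDF. The enclosing function starts and ends outside the hunk.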
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usertool/Cargo.toml Mon Jul 11 20:09:46 2022 -0700
@@ -0,0 +1,8 @@
+[package]
+name = "usertool"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]