Salting and hashing admin creds upon creation

2025-03-11 16:51:06 -07:00 · 2025-03-11 16:51:06 -07:00 · 1c9d0a6207
commit 1c9d0a6207
parent 503ba812f2
1 changed files with 6 additions and 4 deletions
--- a/admin-cli/src/main.rs
+++ b/admin-cli/src/main.rs
@ -5,7 +5,7 @@ use clap::Parser;
 use postgres::{Client, NoTls};
 use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
 use serde::Serialize;
-use argon2::{Argon2, PasswordHasher, password_hash::Salt, PasswordHash};
+use argon2::{Argon2, PasswordHasher, password_hash::Salt};


 const PASSWORD_LENGTH: usize = 64;
@ -44,8 +44,9 @@ fn random_string(size: usize) -> String {
 }

 fn salt_and_hash(password: &str) -> String {
-    let salt = random_string(8);
-    let salt: Salt = salt.as_str().try_into().unwrap();
+    // Generates a salted and hashed variation of the given password
+    let salt_str = random_string(8);
+    let salt: Salt = salt_str.as_str().try_into().unwrap();
    let a2 = Argon2::default();
    let hash = a2.hash_password(password.as_bytes(), salt).unwrap();
    hash.to_string()
@ -91,9 +92,10 @@ fn full_setup(args: Args) -> Result<Config, postgres::Error> {
    client.batch_execute(&setup_tables_script)?;

    // Populate the user table with the first user ( owner )
+    let salted = salt_and_hash(&bubble_admin.password);
    client.execute(
        "INSERT INTO users (id, username, password) VALUES (gen_random_uuid(), $1, $2)",
-        &[&bubble_admin.username, &bubble_admin.password]
+        &[&bubble_admin.username, &salted]
    )?;
    Ok(Config {
        postgres: postgres_admin,