Adding framework for salt & hashing passwords before creating admin users, still requires integration at this stage
This commit is contained in:
parent
a7bae463a2
commit
503ba812f2
39
Cargo.lock
generated
39
Cargo.lock
generated
@ -21,6 +21,7 @@ checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
|
||||
name = "admin-cli"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"argon2",
|
||||
"base64",
|
||||
"clap",
|
||||
"postgres",
|
||||
@ -96,6 +97,18 @@ dependencies = [
|
||||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "argon2"
|
||||
version = "0.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"blake2",
|
||||
"cpufeatures",
|
||||
"password-hash",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "async-stream"
|
||||
version = "0.3.6"
|
||||
@ -171,6 +184,12 @@ version = "0.22.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
|
||||
|
||||
[[package]]
|
||||
name = "base64ct"
|
||||
version = "1.7.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bb97d56060ee67d285efb8001fec9d2a4c710c32efd2e14b5cbb5ba71930fc2d"
|
||||
|
||||
[[package]]
|
||||
name = "binascii"
|
||||
version = "0.1.4"
|
||||
@ -183,6 +202,15 @@ version = "2.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
|
||||
|
||||
[[package]]
|
||||
name = "blake2"
|
||||
version = "0.10.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
|
||||
dependencies = [
|
||||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "block-buffer"
|
||||
version = "0.10.4"
|
||||
@ -906,6 +934,17 @@ dependencies = [
|
||||
"windows-targets 0.52.6",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "password-hash"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"rand_core",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pear"
|
||||
version = "0.2.9"
|
||||
|
||||
@ -9,3 +9,4 @@ postgres = "0.19.9"
|
||||
base64 = "0.22.1"
|
||||
serde = { version = "1.0.215", features = ["derive"] }
|
||||
serde_json = "1.0.133"
|
||||
argon2 = "0.5.3"
|
||||
|
||||
@ -5,6 +5,7 @@ use clap::Parser;
|
||||
use postgres::{Client, NoTls};
|
||||
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
|
||||
use serde::Serialize;
|
||||
use argon2::{Argon2, PasswordHasher, password_hash::Salt, PasswordHash};
|
||||
|
||||
|
||||
const PASSWORD_LENGTH: usize = 64;
|
||||
@ -32,14 +33,24 @@ struct Config {
|
||||
bubble: Admin
|
||||
}
|
||||
|
||||
|
||||
fn random_string(size: usize) -> String {
|
||||
// Next we'll generate a bunch of random numbers
|
||||
// Generates a URL safe string of random text of a given size
|
||||
// Internally uses /dev/urandom to generate that string
|
||||
let mut buffer = vec![0; size];
|
||||
let mut f = std::fs::File::open("/dev/urandom").unwrap();
|
||||
f.read_exact(&mut buffer).unwrap();
|
||||
URL_SAFE_NO_PAD.encode(buffer)
|
||||
}
|
||||
|
||||
fn salt_and_hash(password: &str) -> String {
|
||||
let salt = random_string(8);
|
||||
let salt: Salt = salt.as_str().try_into().unwrap();
|
||||
let a2 = Argon2::default();
|
||||
let hash = a2.hash_password(password.as_bytes(), salt).unwrap();
|
||||
hash.to_string()
|
||||
}
|
||||
|
||||
fn admin(username: &str, password_size: usize) -> Admin {
|
||||
Admin {
|
||||
username: username.to_string(),
|
||||
|
||||
@ -3,7 +3,9 @@ CREATE TABLE IF NOT EXISTS users (
|
||||
id UUID,
|
||||
/* Acts as a kind of nick name per instance as it assumes no uniqueness */
|
||||
username VARCHAR(256),
|
||||
/* Basic salted+hashed password */
|
||||
/* Salt to be generated everytime password is (re)created */
|
||||
salt VARCHAR(256),
|
||||
/* Basic hashed password */
|
||||
password VARCHAR(256),
|
||||
PRIMARY KEY (id)
|
||||
);
|
||||
|
||||
7
dev.py
7
dev.py
@ -18,6 +18,11 @@ if __name__ == '__main__':
|
||||
help='Sets the database URL to use for connecting to postgres',
|
||||
default='postgres://psql:example@localhost:5432'
|
||||
)
|
||||
parser.add_argument(
|
||||
'-c',
|
||||
'--check-container',
|
||||
help='Execs into the given container with bash for debugging'
|
||||
)
|
||||
args = parser.parse_args()
|
||||
os.environ['DB_CONNECTION_STRING'] = args.db_url
|
||||
if args.init_db:
|
||||
@ -26,3 +31,5 @@ if __name__ == '__main__':
|
||||
env=os.environ,
|
||||
shell=True
|
||||
)
|
||||
if args.check_container:
|
||||
run(f'docker exec -it {args.check_container} bash'.split())
|
||||
|
||||
Loading…
Reference in New Issue
Block a user