electricdusk/rushlink
3
3
Fork 3
Code Issues 21 Pull Requests 2 Releases Activity

WIP: Add users system, required for uploading new pastes #77

Draft
yorick wants to merge 8 commits from yorick/rushlink:users into master
pull from: yorick/rushlink:users
merge into: electricdusk:master
Conversation 0 Commits 8 Files Changed 8 +2 -3
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 11975d7911 - Show all commits

5
internal/db/user.go
View File

@ -1,8 +1,8 @@
package db
import (
"bytes"
"crypto/rand"
"crypto/subtle"
"encoding/base64"
"errors"
"fmt"
@ -111,8 +111,7 @@ func comparePassword(hashedPassword string, password string) (bool, error) {
computedHash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize)
// Compare the computed hash with the stored hash
// todo constant time?
return bytes.Equal(hash, computedHash), nil
return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil
}
yorick marked this conversation as resolved
mrngm commented 2023-04-30 20:37:12 +02:00
Review
Copy Link

return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil (from crypto/subtle)

`return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil` (from `crypto/subtle`)
// DeleteUser deletes a user with the specified username from the database.