electricdusk/rushlink
3
3
Fork 3
Code Issues 21 Pull Requests 2 Releases Activity

WIP: Add users system, required for uploading new pastes #77

Draft
yorick wants to merge 8 commits from yorick/rushlink:users into master
pull from: yorick/rushlink:users
merge into: electricdusk:master
Conversation 0 Commits 8 Files Changed 8 +2 -3
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 11975d7911 - Show all commits

5
internal/db/user.go
View File

@ -1,8 +1,8 @@
package db package db
import ( import (
"bytes"
"crypto/rand" "crypto/rand"
"crypto/subtle"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
@ -111,8 +111,7 @@ func comparePassword(hashedPassword string, password string) (bool, error) {
computedHash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize) computedHash := argon2.IDKey([]byte(password), salt, 2, 64*1024, 1, pwdHashSize)
// Compare the computed hash with the stored hash // Compare the computed hash with the stored hash
// todo constant time? return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil
return bytes.Equal(hash, computedHash), nil
} }
yorick marked this conversation as resolved
mrngm commented 2023-04-30 20:37:12 +02:00
Review
Copy Link

return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil (from crypto/subtle)

`return subtle.ConstantTimeCompare(hash, computedHash) == 1, nil` (from `crypto/subtle`)
// DeleteUser deletes a user with the specified username from the database. // DeleteUser deletes a user with the specified username from the database.