
github.com/MHSanaei/3x-ui.git - Unnamed repository; edit this file 'description' to name the repository.
authorColumbiysky <c.7843543@gmail.com>2025-05-03 12:27:53 +0300
committerGitHub <noreply@github.com>2025-05-03 12:27:53 +0300
commit85cbad3ef420ffdd7fec8657d247fdfe5e03903d (patch)
tree56036fc74abb46dd5de231bd8eeeeea50e6fcf0c /web/service
parent3d54e330514293e9385258da773be1a0e927a7f5 (diff)
feat: hashing user passwords
solves problems #2944, #2783
Diffstat (limited to 'web/service')
-rw-r--r--web/service/user.go29
1 files changed, 24 insertions, 5 deletions
diff --git a/web/service/user.go b/web/service/user.go
index 7438cf1a..72ae25a2 100644
--- a/web/service/user.go
+++ b/web/service/user.go
@@ -6,6 +6,7 @@ import (
"x-ui/database"
"x-ui/database/model"
"x-ui/logger"
+ "x-ui/util/crypto"
"gorm.io/gorm"
)
@@ -29,8 +30,9 @@ func (s *UserService) CheckUser(username string, password string, secret string)
db := database.GetDB()
user := &model.User{}
+
err := db.Model(model.User{}).
- Where("username = ? and password = ? and login_secret = ?", username, password, secret).
+ Where("username = ? and login_secret = ?", username, secret).
First(user).
Error
if err == gorm.ErrRecordNotFound {
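Review bot: The `gorm.ErrRecordNotFound` branch in CheckUser returns before any bcrypt comparison runs, while a row that matches `username` and `login_secret` now pays the full bcrypt cost in the next hunk, so response time differs between a known and an unknown username/secret pair. Running the same comparison against a fixed placeholder hash in the not-found branch would level the two paths. The branch body lies outside this hunk, so this assumes it returns nil directly. Separately, `login_secret` is still matched by plain equality in the `Where` clause, which suggests it is stored unhashed; a comment stating whether that is intended would help the next reader.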
@@ -39,14 +41,25 @@ func (s *UserService) CheckUser(username string, password string, secret string)
logger.Warning("check user err:", err)
return nil
}
- return user
+
+ if crypto.CheckPasswordHash(user.Password, password) {
+ return user
+ }
+
+ return nil
}
func (s *UserService) UpdateUser(id int, username string, password string) error {
db := database.GetDB()
+ hashedPassword, err := crypto.HashPasswordAsBcrypt(password)
+
+ if err != nil {
+ return err
+ }
+
return db.Model(model.User{}).
Where("id = ?", id).
- Updates(map[string]any{"username": username, "password": password}).
+ Updates(map[string]any{"username": username, "password": hashedPassword}).
Error
}
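Review bot: Rows written before this commit hold the password as plaintext, and `crypto.CheckPasswordHash(user.Password, password)` in CheckUser will presumably reject them, so existing accounts could be locked out unless a migration hashes the stored values. The diffstat shown is limited to web/service, so such a migration may exist elsewhere; if it does not, one is needed before this check ships. Both arguments are strings, so it is also worth confirming against the helper's signature that the stored hash is the first parameter, since a swap would compile and simply fail every login. A comment above the call such as `// user.Password holds a bcrypt hash; plaintext rows must be migrated first` would record the assumption. CheckUser begins outside this hunk.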
@@ -100,17 +113,23 @@ func (s *UserService) UpdateFirstUser(username string, password string) error {
} else if password == "" {
return errors.New("password can not be empty")
}
+ hashedPassword, er := crypto.HashPasswordAsBcrypt(password)
+
+ if er != nil {
+ return er
+ }
+
db := database.GetDB()
user := &model.User{}
err := db.Model(model.User{}).First(user).Error
if database.IsNotFound(err) {
user.Username = username
- user.Password = password
+ user.Password = hashedPassword
return db.Model(model.User{}).Create(user).Error
} else if err != nil {
return err
}
user.Username = username
- user.Password = password
+ user.Password = hashedPassword
return db.Save(user).Error
}
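Review bot: The variable `er` in UpdateFirstUser exists only to avoid colliding with the `err` declared a few lines later, which leaves two error variables in one short function. Declaring `hashedPassword, err := crypto.HashPasswordAsBcrypt(password)` and changing the later line to `err = db.Model(model.User{}).First(user).Error` keeps a single one. The hashing error is also returned bare here and in UpdateUser, so a caller cannot tell it from a database error; a short context prefix on the returned error would fix that. The opening lines of UpdateFirstUser are outside this hunk.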