From 15bec45b5ea1fd985cc566048015de973ce1a63a Mon Sep 17 00:00:00 2001 From: mxxntype <59417007+mxxntype@users.noreply.github.com> Date: Wed, 22 May 2024 19:52:25 +0300 Subject: [PATCH] feat(server): Implement `blake3` password hashing --- Cargo.lock | 32 ++++++++++++++++++++++++++++++++ server/Cargo.toml | 1 + server/src/services/registry.rs | 11 +++++++++-- 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 76593e3..7066a83 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -32,6 +32,18 @@ version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" +[[package]] +name = "arrayref" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" + +[[package]] +name = "arrayvec" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" + [[package]] name = "async-stream" version = "0.3.5" @@ -149,6 +161,19 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +[[package]] +name = "blake3" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30cca6d3674597c30ddf2c587bf8d9d65c9a84d2326d941cc79c9842dfe0ef52" +dependencies = [ + "arrayref", + "arrayvec", + "cc", + "cfg-if", + "constant_time_eq", +] + [[package]] name = "byteorder" version = "1.5.0" @@ -214,6 +239,12 @@ dependencies = [ "tokio-util", ] +[[package]] +name = "constant_time_eq" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2" + [[package]] name = "crossterm" version = "0.27.0" 
@@ -1243,6 +1274,7 @@ checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" name = "tcp-chat" version = "0.1.0" dependencies = [ + "blake3", "color-eyre", "diesel", "futures",
diff --git a/server/Cargo.toml b/server/Cargo.toml
index e14a948..11f0817 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -12,6 +12,7 @@ path = "src/main.rs"
 path = "src/lib.rs"
 [dependencies]
+blake3 = "1.5.1"
 color-eyre = "0.6.3"
 diesel = { version = "2.1.6", features = ["postgres", "uuid", "r2d2"] }
 futures = "0.3.30"
diff --git a/server/src/services/registry.rs b/server/src/services/registry.rs
index 7810c67..cf39aa2 100644
--- a/server/src/services/registry.rs
+++ b/server/src/services/registry.rs
@@ -41,7 +41,7 @@ impl proto::registry_server::Registry for Registry {
 use diesel::query_dsl::methods::{FilterDsl, SelectDsl};
 use diesel::{ExpressionMethods, OptionalExtension, RunQueryDsl, SelectableHelper};
- let credentials = request.into_inner();
+ let mut credentials = request.into_inner();
 let duplicate_user = users
 .filter(username.eq(&credentials.username))
 .select(User::as_select())
@@ -52,6 +52,9 @@ impl proto::registry_server::Registry for Registry {
 match duplicate_user {
 // No duplicate usernames found, registering a new account.
 None => {
+ // Hash the password using Blake3.
+ credentials.password = blake3::hash(credentials.password.as_bytes()).to_string();
+
 let mut rng = self.rng.lock().await;
 let user = User::new(credentials.username.clone(), credentials.password, &mut rng);
 let _ = diesel::insert_into(users)
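Review bot: BLAKE3 is a fast general-purpose hash, and `blake3::hash(credentials.password.as_bytes())` in the `None => {` arm is applied with no salt, so equal passwords give equal stored digests and a leaked `users` table can be guessed against offline at very high speed. Password storage calls for a salted, deliberately slow KDF such as Argon2id, scrypt or bcrypt, stored in a self-describing encoding so the cost parameters can be raised later. The identical line appears in the login hunk at `@@ -86,7 +89,11 @@`; moving it into one helper would keep registration and login in step when the scheme is replaced. Until then the comment should say what the value is not, e.g. `// FIXME: unsalted fast hash, not a password KDF; replace before storing real credentials.` The match arm continues past the end of the hunk.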
@@ -86,7 +89,11 @@ impl proto::registry_server::Registry for Registry {
 use diesel::query_dsl::methods::{FilterDsl, SelectDsl};
 use diesel::{ExpressionMethods, OptionalExtension, RunQueryDsl, SelectableHelper};
- let credentials = request.into_inner();
+ let mut credentials = request.into_inner();
+
+ // Hash the password using Blake3.
+ credentials.password = blake3::hash(credentials.password.as_bytes()).to_string();
+
 let candidate_user = users
 .filter(username.eq(&credentials.username))
 .filter(password.eq(&credentials.password))
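Review bot: The credential check happens inside the query, `.filter(password.eq(&credentials.password))`, which works only because the digest is deterministic and unsalted; with a per-user salt this has to become a lookup by `username` followed by verification of the stored hash in application code. Rows written before this commit presumably hold the password exactly as received, since the removed registration code passed `credentials.password` to `User::new` with no hashing step visible (unless `User::new` transforms it), so those accounts would stop matching unless a migration or rehash-on-login step is added. A comment above the filter such as `// Compares the hex BLAKE3 digest; rows stored before hashing was introduced will not match.` would record that. The query chain continues outside the hunk.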